Date: Mon, 21 Jun 2010 16:58:19 +0200 From: Bastien Semene <bsemene@cyanide-studio.com> To: freebsd-pf@freebsd.org Subject: Re: Problem with logging on message log file instead of security Message-ID: <4C1F7E0B.2060908@cyanide-studio.com> In-Reply-To: <4C1F6D93.2060306@cyanide-studio.com> References: <4C1F6D93.2060306@cyanide-studio.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Update :
The problem seems to be from ipmon.
I sent messages with the logger tool and it correctly redirected them to
the /var/log/security log file, for the
security.{info;notice;warning;err} messages.
Le 21/06/2010 15:48, Bastien Semene a écrit :
> Hi,
>
> First, the problem concerns ipmon, but I didn't find its mailing list
> on the website listing : http://lists.freebsd.org/mailman/listinfo
> I'm sorry if I missed it, and I will be glad if someone can point me
> the right mailing list.
>
> The problem is that my firewall logs are written in the
> /var/log/messages instead of the /var/log/security log file.
> Ipmon manual says that by default messages should be sent to the
> security facility.
>
> /etc/rc.conf :
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
> ipnat_enable="YES"
> ipnat_rules="/etc/ipnat.rules"
> syslogd_flags = "-s -b localhost"
>
> /etc/syslog.conf :
> *.err;kern.warning;auth.notice;mail.crit /dev/console
> *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
> /var/log/messages
> security.* /var/log/security
> auth.info;authpriv.info /var/log/auth.log
> mail.info /var/log/maillog
> lpr.info /var/log/lpd-errs
> ftp.info /var/log/xferlog
> cron.* /var/log/cron
> user.* /var/log/user.log
> *.=debug /var/log/debug.log
> *.emerg *
> !startslip
> *.* /var/log/slip.log
> !ppp
> *.* /var/log/ppp.log
>
> Does someone encountered this problem before ?
>
--
Bastien Semene
Administrateur Réseau& Système
Cyanide Studio - FRANCE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C1F7E0B.2060908>