From owner-freebsd-pf@FreeBSD.ORG  Mon Jun 21 14:58:20 2010
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4E91E106566C
	for <freebsd-pf@freebsd.org>; Mon, 21 Jun 2010 14:58:20 +0000 (UTC)
	(envelope-from bsemene@cyanide-studio.com)
Received: from relay.cyanide-studio.com (relay.cyanide-studio.com [91.121.7.6])
	by mx1.freebsd.org (Postfix) with ESMTP id 09AE08FC0C
	for <freebsd-pf@freebsd.org>; Mon, 21 Jun 2010 14:58:19 +0000 (UTC)
Received: from mail.cyanide-studio.com
	(LAubervilliers-153-52-12-153.w217-128.abo.wanadoo.fr
	[217.128.107.153])
	by relay.cyanide-studio.com (Postfix) with ESMTP id 76EE6964003
	for <freebsd-pf@freebsd.org>; Mon, 21 Jun 2010 15:00:01 +0000 (UTC)
Received: from localhost (unknown [10.1.8.14])
	by mail.cyanide-studio.com (Postfix) with ESMTP id E779117BF434
	for <freebsd-pf@freebsd.org>; Mon, 21 Jun 2010 16:58:16 +0200 (CEST)
Received: from mail.cyanide-studio.com ([10.1.8.3])
	by localhost (mailguard.cyanide-studio.com [10.1.8.14]) (amavisd-maia,
	port 10024) with ESMTP id 85324-09 for <freebsd-pf@freebsd.org>;
	Mon, 21 Jun 2010 16:58:16 +0200 (CEST)
Received: from [10.1.8.123] (unknown [10.1.8.123])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: bsemene@cyanide-studio.com)
	by mail.cyanide-studio.com (Postfix) with ESMTP id C26FA17BF431
	for <freebsd-pf@freebsd.org>; Mon, 21 Jun 2010 16:58:16 +0200 (CEST)
Message-ID: <4C1F7E0B.2060908@cyanide-studio.com>
Date: Mon, 21 Jun 2010 16:58:19 +0200
From: Bastien Semene <bsemene@cyanide-studio.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr;
	rv:1.9.1.10) Gecko/20100512 Lightning/1.0b1 Thunderbird/3.0.5
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
References: <4C1F6D93.2060306@cyanide-studio.com>
In-Reply-To: <4C1F6D93.2060306@cyanide-studio.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: Problem with logging on message log file instead of security
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jun 2010 14:58:20 -0000

Update :
The problem seems to be from ipmon.

I sent messages with the logger tool and it correctly redirected them to 
the /var/log/security log file, for the 
security.{info;notice;warning;err} messages.

Le 21/06/2010 15:48, Bastien Semene a écrit :
> Hi,
>
> First, the problem concerns ipmon, but I didn't find its mailing list 
> on the website listing : http://lists.freebsd.org/mailman/listinfo
> I'm sorry if I missed it, and I will be glad if someone can point me 
> the right mailing list.
>
> The problem is that my firewall logs are written in the 
> /var/log/messages instead of the /var/log/security  log file.
> Ipmon manual says that by default messages should be sent to the 
> security facility.
>
> /etc/rc.conf :
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
> ipnat_enable="YES"
> ipnat_rules="/etc/ipnat.rules"
> syslogd_flags = "-s -b localhost"
>
> /etc/syslog.conf :
> *.err;kern.warning;auth.notice;mail.crit                /dev/console
> *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   
> /var/log/messages
> security.*                                      /var/log/security
> auth.info;authpriv.info                         /var/log/auth.log
> mail.info                                       /var/log/maillog
> lpr.info                                        /var/log/lpd-errs
> ftp.info                                        /var/log/xferlog
> cron.*                                          /var/log/cron
> user.*                                          /var/log/user.log
> *.=debug                                        /var/log/debug.log
> *.emerg                                         *
> !startslip
> *.*                                             /var/log/slip.log
> !ppp
> *.*                                             /var/log/ppp.log
>
> Does someone encountered this problem before ?
>

-- 
Bastien Semene
Administrateur Réseau&  Système

Cyanide Studio - FRANCE