From owner-freebsd-questions@FreeBSD.ORG Tue Apr 27 21:17:12 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D08CD16A4CE for ; Tue, 27 Apr 2004 21:17:12 -0700 (PDT) Received: from ms-smtp-03-eri0.ohiordc.rr.com (ms-smtp-03-smtplb.ohiordc.rr.com [65.24.5.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44A1943D3F for ; Tue, 27 Apr 2004 21:17:12 -0700 (PDT) (envelope-from dmehler26@woh.rr.com) Received: from satellite (dhcp065-031-041-029.woh.rr.com [65.31.41.29]) i3S4H92w009966 for ; Wed, 28 Apr 2004 00:17:09 -0400 (EDT) Message-ID: <000201c42cd7$32100d00$0200a8c0@satellite> From: "dave" To: References: <20040427165617.736E016A4EB@hub.freebsd.org> <408EC09C.3010407@elvandar.org> <408EC59D.3070503@elvandar.org> Date: Wed, 28 Apr 2004 00:13:43 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: ipmon logging as well X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Apr 2004 04:17:12 -0000 Hello, I'm also atempting to get ipmon to log properly to a file /var/log/ipf.log. My thanks for the recent traffic on this subject, unfortunately it has not worked in my case. My system is a 5.2.1 box, it does not run ipnat just ipfilter and ipmon. I've got: options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK compiled in to my kernel. And in rc.conf: ipfilter_enable="YES" ipfilter_rules="/etc/ipf.rules" ipfilter_flags="" (Note, i thought this one was suppose to resolve a problem of a duplicate ipfilter startup message, about already being initialized?) ipmon_enable="YES" ipmon_flags="-D /var/log/ipf.log" In the /etc/rc.d/ipfilter script i added ipmon to the end of the require: line and in the ipmon script i added ipfilter. On boot i get a message that says enabling ipfilter, default = block all, logging = enabled. A little later i get the message: Enabling ipfilter ioctl(SIOCIPFL6):Invalid argument and it does not work. Suggestions welcome, also when i get this working i'd like for newsyslog to rotate this log file, but the last time i tried this newsyslog rotated the file yet kept the original pointer open and kept logging to the old file. Thanks. Dave.