From: as2sb3100@comcast.net
To: freebsd-questions@FreeBSD.ORG
Date: Sun, 03 Apr 2005 01:00:21 +0000
Subject: RE: ipmon logging

I figured it was something like that. I read the man page for
newsyslog and, well, not knowing very much about processes and stuff,
I just skipped over the pid part. After doing some reading I figured
out I had to put in the path to the pid. Now when newsyslog rotates
the log file it restarts (or reloads or something) ipmon. RTFM really
helps.

> After testing with 5.3 on my workbench box it seems that ipfilter
> has changed between 4.11 and 5.3. The syslog.conf logging statement
> of local0.* /var/log/security is only valid for the
> ipfilter in the 4.x versions of FreeBSD.
> security.* /var/log/security is only valid for the
> ipfilter in the 5.3 version and greater of FreeBSD.
>
> The official handbook is written for 4.11 release. It needs to be
> updated for the 5.3 5.4 releases
>
> -----Original Message-----
> From: as2sb3100@comcast.net [mailto:as2sb3100@comcast.net]
> Sent: Friday, April 01, 2005 3:12 PM
> To: bob@a1poweruser.com
> Subject: RE: ipmon logging
>
> from the FAQ:
> 1. # I have IPMon logging to syslog, but syslog doesn't log
> anything, why not?
>
> IPF logs as local0 so you'll want something to the effect of:
> local0.debug /var/log/ipf.log
> in your syslog.conf. NOTE: There has to be at least one TAB in
> that line, not just spaces.
>
> It doesn't do this though, I think, I could be mistaken. In my rc.conf
> file I have ipmon_flags="Ds" and the line in syslog.conf from above
> (I've also tried local0.* /var/log/ipf.log in syslog.conf) which
> should do what it says above. All this is documented in the
> Handbook. However, ipmon uses the security facility instead of
> local0. This means that whenever something is logged by ipmon, it
> gets logged to /var/log/security. If I change ipmon_flags="Ds" to
> ipmon_flags="D /var/log/ipf.log" it works perfectly. However, when
> newsyslog rotates the file when it gets to 100k, ipmon stops
> logging. When I run nmap I normally get a bunch of stuff logged.
> When newsyslog rotates the file it adds logfile turned over due
> to..., and then nothing gets logged after that. So I know that it
> stops logging after newsyslog rotates the log. I've been reading
> through the newsyslog.conf man page, but I'm not sure what I'm
> looking for.
>
> > There is a new write up of IPF in the official manual that explains
> > in detail how to get ipmon to log to separate file.
> >
> > You have to give more technical details about what you have done.
> >
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
> > as2sb3100@comcast.net
> > Sent: Friday, April 01, 2005 1:50 PM
> > To: freebsd-questions@freebsd.org
> > Subject: ipmon logging
> >
> > According to every website I've read so far ipmon uses local0 as the
> > facility name. However, on my FreeBSD 5.3-RELEASE-p5 box, it logs
> > to the security facility. The man page (in both 5.2.1 and 5.3) for
> > ipmon, with -s for logging to syslog says, "The default facility
> > when compiled and installed is security". Can anyone explain this?
> > I'd like ipmon to log to a separate file so it doesn't fill up the
> > security log. I've tried having ipmon log directly to a file, and
> > not using syslog, but it stops logging when newsyslog rotates the
> > file. Does anyone have any suggestions on what I could or should
> > do?
> >
> > Eric
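
The fix described in the first message (adding the path to ipmon's pid file to the newsyslog.conf entry), shown as an added example that is not part of the original thread. The log path, the ipmon_flags value and the 100 KB size come from the thread; the pid file path /var/run/ipmon.pid, the mode, the archive count and the J flag are assumptions.

```conf
# /etc/rc.conf: ipmon writes straight to a file instead of syslog
# (value taken from the thread)
ipmon_flags="D /var/log/ipf.log"

# /etc/newsyslog.conf
# Fields: logfile  mode  count  size(KB)  when  flags  [pid_file]  [signal]

# Before: no pid_file field. newsyslog renames the log and signals syslogd,
# not ipmon, so ipmon keeps writing to its old file handle and the new
# /var/log/ipf.log receives nothing after the "logfile turned over" line.
#/var/log/ipf.log	600	7	100	*	J

# After: with a pid_file, newsyslog sends SIGHUP (its default signal) to the
# process recorded there, and ipmon reopens its log file.
# Assumed values: /var/run/ipmon.pid (ipmon's default pid file on BSD),
# mode 600, 7 archives, J (bzip2) flag.
/var/log/ipf.log	600	7	100	*	J	/var/run/ipmon.pid
```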