Message-ID: <43980705.5090205@raad.tartu.ee>
Date: Thu, 08 Dec 2005 12:12:21 +0200
From: Toomas Aas
To: questions@freebsd.org
Subject: ipmon syslog facility in FreeBSD 6.0

Hello!

What syslog facility is ipmon using on FreeBSD 6.0? From the documentation I don't see that anything is supposed to be changed from 5.4, where it was 'security'. So on my freshly-installed FreeBSD 6.0 I made modifications to /etc/syslog.conf similar to those that work on 5.4. Basically I added this as the first uncommented line to /etc/syslog.conf:

    security.*    /var/log/ipfilter

However, nothing is logged to /var/log/ipfilter. I'm using the default value for ipmon_flags in /etc/rc.conf and ps output shows that '/sbin/ipmon -Ds' is running. At the same time, ipfstat -ih shows increasing number of hits on rules which have 'log' keyword in them. The logfile /var/log/ipfilter exists and is mode 0600, owner root:wheel.

When I enable all.log in syslog.conf, ipmon messages are logged to all.log. So it seems like I'm not using the correct facility for /var/log/ipfilter. How can I find out what the correct facility is? I tried reading the source, but it's beyond my comprehension (except contrib/ipfilter/Makefile, which seems to imply that it's still 'security').