From: Anton Shterenlikht
To: freebsd-questions@freebsd.org
Date: Sat, 16 Jan 2010 16:23:37 +0000
Subject: syslog - ipmon(8) logs to a wrong log file?
Message-ID: <20100116162337.GI91835@mech-cluster241.men.bris.ac.uk>

This is on FreeBSD 9.0-CURRENT ia64.
I've ipfilter built into the kernel, with logging enabled:

    options IPFILTER
    options IPFILTER_DEFAULT_BLOCK
    options IPFILTER_LOG

It works fine, but logs to a wrong file.
I run ipmon with -Ds options:

    # ps ax|grep ipmon
    740 ?? Ss 1:28.09 /sbin/ipmon -Ds
    #

"D" is for daemon mode, and "s" is to log via syslog.
According to ipmon(8):

    The default facility when compiled and installed is security.

So I've in /etc/syslog.conf:

    security.* /var/log/ipfilter.log

but I get all ipmon messages in /var/log/messages.
According to my /etc/syslog.conf this file shouldn't have ipmon messages:

    *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages

What am I doing wrong?

Please advise

many thanks

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
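
A way to check offline which syslog.conf lines select a given facility and level, using the two lines quoted in the message above. This is an added example, not part of the original post and not syslogd's own code. It assumes the plain "facility.level" selector form only (no "!<=>" comparison flags, no program or host blocks), a shortened facility list, and constructed test messages; the level at which ipmon actually logs is not stated in the post.

```python
# Simplified model of BSD syslog.conf selector matching (added example).
# Severity names, most severe first; the index is the numeric level.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Shortened facility list: enough for the two lines quoted in the post.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "lpr", "news",
              "authpriv", "security", "local0"]

def thresholds(selector_field):
    """Map each facility to the least severe level it logs (None = nothing).

    Selectors are applied left to right, so a later one overrides an
    earlier one for the same facility (e.g. "*.notice;authpriv.none").
    """
    table = {name: None for name in FACILITIES}
    for selector in selector_field.split(";"):
        facs, level = selector.rsplit(".", 1)
        targets = FACILITIES if facs == "*" else facs.split(",")
        if level == "none":
            limit = None
        elif level == "*":
            limit = len(LEVELS) - 1          # every level
        else:
            limit = LEVELS.index(level)      # this level or more severe
        for name in targets:
            table[name] = limit
    return table

def matches(selector_field, facility, level):
    limit = thresholds(selector_field)[facility]
    return limit is not None and LEVELS.index(level) <= limit

def destinations(rules, facility, level):
    """Every action whose selector field matches; syslogd writes to all of them."""
    return [path for field, path in rules if matches(field, facility, level)]

# The two syslog.conf lines from the post.
RULES = [
    ("security.*", "/var/log/ipfilter.log"),
    ("*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err",
     "/var/log/messages"),
]

if __name__ == "__main__":
    # Constructed messages: (facility, level) pairs chosen for illustration.
    for fac, lvl in [("security", "notice"), ("security", "info"),
                     ("local0", "warning"), ("authpriv", "notice")]:
        print(f"{fac}.{lvl:8} -> {destinations(RULES, fac, lvl)}")
```
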