Date: Wed, 8 Nov 2000 21:20:46 -0500
From: "Jonathan M. Slivko" <jmslivko@msn.com>
To: "Rowan Crowe" <rowan@sensation.net.au>, "FreeBSD ISP Mailing List" <freebsd-isp@freebsd.org>
Subject: Re: ipfw - log to somewhere else?
Message-ID: <OE281TbdkSmLAztxc1o0000020f@hotmail.com>

I have a similarly related question:

What about a machine that is on the Internet, but would like to route all its syslog operations to another, backup machine. What is needed to do that successfully? So far, I haven't had any luck in producing the desired effect.

-- Jonathan M. Slivko

----- Original Message -----
From: Rowan Crowe
Sent: Wednesday, November 08, 2000 8:42 PM
To: freebsd-isp@freebsd.org
Subject: ipfw - log to somewhere else?

Hi all,

With the ever increasing number of UDP 137 and TCP 139 scans, my logs are
filling up fast... between 2,000-3,000 lines per day just from ipfw. My
"email diff of denied packets every 20 minutes" script is almost useless
since I'm receiving an email almost every single 20 minute run, and the
ipfw denies are also causing /var/messages to be rotated a lot more
frequently.

While I still want those ports blocked and logged for reporting purposes,
is there a way to divert the log entries to another file?

Just to complicate things, most of the ipfw denies come from another
machine and the log entries arrive via syslog...

Cheers.

--
Rowan Crowe                    http://www.rowan.sensation.net.au/
Sensation Internet Services    http://info.sensation.net.au/
Melbourne, Australia           Phone: +61-3-9388-9260

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OE281TbdkSmLAztxc1o0000020f>