Date:      Wed, 8 Nov 2000 21:20:46 -0500
From:      "Jonathan M. Slivko" <jmslivko@msn.com>
To:        "Rowan Crowe" <rowan@sensation.net.au>, "FreeBSD ISP Mailing List" <freebsd-isp@freebsd.org>
Subject:   Re: ipfw - log to somewhere else?
Message-ID:  <OE281TbdkSmLAztxc1o0000020f@hotmail.com>

I have a similarly related question:  

What about a machine that is on the Internet, but would like to route all its syslog operations to another, backup machine. What is needed to do that successfully? So far, I haven't had any luck in producing the desired effect. -- Jonathan M. Slivko



----- Original Message -----
From: Rowan Crowe
Sent: Wednesday, November 08, 2000 8:42 PM
To: freebsd-isp@freebsd.org
Subject: ipfw - log to somewhere else?


Hi all,

With the ever increasing number of UDP 137 and TCP 139 scans, my logs are
filling up fast... between 2,000-3,000 lines per day just from ipfw. My
"email diff of denied packets every 20 minutes" script is almost useless
since I'm receiving an email almost every single 20 minute run, and the
ipfw denies are also causing /var/messages to be rotated a lot more
frequently.

While I still want those ports blocked and logged for reporting purposes,
is there a way to divert the log entries to another file?

Just to complicate things, most of the ipfw denies come from another
machine and the log entries arrive via syslog...

Cheers.


--
Rowan Crowe                              http://www.rowan.sensation.net.au/
Sensation Internet Services                   http://info.sensation.net.au/
Melbourne, Australia                                 Phone: +61-3-9388-9260


