From owner-freebsd-isp Wed Nov 8 18:20: 9 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from hotmail.com (oe28.pav0.hotmail.com [64.4.32.108]) by hub.freebsd.org (Postfix) with ESMTP id 037A237B479 for ; Wed, 8 Nov 2000 18:20:06 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 8 Nov 2000 18:20:05 -0800
X-Originating-IP: [209.187.200.84]
From: "Jonathan M. Slivko"
To: "Rowan Crowe" , "FreeBSD ISP Mailing List"
Subject: Re: ipfw - log to somewhere else?
Date: Wed, 8 Nov 2000 21:20:46 -0500
MIME-Version: 1.0
X-Mailer: MSN Explorer 6.00.0010.0900
Content-Type: multipart/alternative; boundary="----=_NextPart_001_0000_01C049C9.C2770CD0"
Message-ID:
X-OriginalArrivalTime: 09 Nov 2000 02:20:05.0826 (UTC) FILETIME=[92FC4220:01C049F3]
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have a similarly related question:

What about a machine that is on the Internet, but would like to route all its syslog operations to another, backup machine. What is needed to do that successfully? So far, I haven't had any luck in producing the desired effect.

-- Jonathan M. Slivko

----- Original Message -----
From: Rowan Crowe
Sent: Wednesday, November 08, 2000 8:42 PM
To: freebsd-isp@freebsd.org
Subject: ipfw - log to somewhere else?

Hi all,

With the ever increasing number of UDP 137 and TCP 139 scans, my logs are
filling up fast... between 2,000-3,000 lines per day just from ipfw. My
"email diff of denied packets every 20 minutes" script is almost useless
since I'm receiving an email almost every single 20 minute run, and the
ipfw denies are also causing /var/messages to be rotated a lot more
frequently.

While I still want those ports blocked and logged for reporting purposes,
is there a way to divert the log entries to another file?

Just to complicate things, most of the ipfw denies come from another
machine and the log entries arrive via syslog...

Cheers.

--
Rowan Crowe                    http://www.rowan.sensation.net.au/
Sensation Internet Services    http://info.sensation.net.au/
Melbourne, Australia           Phone: +61-3-9388-9260

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message