From owner-freebsd-questions Wed Feb 7 10:27:37 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from clmboh1-smtp3.columbus.rr.com (unknown [65.24.0.112]) by hub.freebsd.org (Postfix) with ESMTP id B9F0437B491 for ; Wed, 7 Feb 2001 10:27:18 -0800 (PST)
Received: from mail.iowna.com (dhcp065-024-023-038.columbus.rr.com [65.24.23.38]) by clmboh1-smtp3.columbus.rr.com (8.11.2/8.11.2) with ESMTP id f17IOlr21128; Wed, 7 Feb 2001 13:24:48 -0500 (EST)
Message-ID: <3A81927A.9D964FD1@mail.iowna.com>
Date: Wed, 07 Feb 2001 13:22:50 -0500
From: Bill Moran
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: daniel
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: FreeBSD Logging to track connection problems
References: <020a01c0912a$2dedff80$f46fbdd1@pacex.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

daniel wrote:

> I tried 'Log_In_Vain' but it is obviously not logging everything because the
> remote office server user is supposed to talk to does not even show in the
> log (/var/log/messages).

It's not supposed to log everything. It only logs attempts to connect to
ports that the machine doesn't have open. It's mostly used to detect
portscanning and other intrusion attempts.

> I also tried logging everything in
> /etc/rc.firewall --> open and this does not show session either.
> Is there a utility that can log EVERY packet with its protocol and port
> number?

Are you saying that you've configured IPFW as an "open" firewall and
then modified the open profile in rc.firewall to log ALL packets? And
yet it's not logging? What does "ipfw show" report?

-Bill
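
Added example, not part of the message above and not code from its author: a small parser that turns log_in_vain entries in /var/log/messages into a per-source list of closed ports probed, which is the portscan-detection use the reply describes. The log lines are constructed, the "Connection attempt to ..." wording is assumed to match what the kernel writes, and the threshold of four ports is an arbitrary illustration.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/messages. Host name, addresses and user are
# made up; the "Connection attempt to ..." wording is an assumed format.
SAMPLE_LOG = """\
Feb  7 13:01:02 gw /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:40112
Feb  7 13:01:02 gw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40113
Feb  7 13:01:03 gw /kernel: Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:40114
Feb  7 13:01:03 gw /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.7:40115
Feb  7 13:01:04 gw /kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:40116
Feb  7 13:05:40 gw /kernel: Connection attempt to UDP 192.0.2.10:137 from 203.0.113.20:137
Feb  7 13:06:11 gw sshd[412]: Accepted password for alice from 203.0.113.20 port 1022
"""

# One log_in_vain entry: protocol, local address:port, remote address:port.
ATTEMPT = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)


def closed_port_hits(log_text):
    """Map each source address to the set of (proto, port) pairs it probed."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if m:  # lines from other daemons (sshd, etc.) are skipped
            hits[m["src"]].add((m["proto"], int(m["dport"])))
    return dict(hits)


def likely_scanners(log_text, min_ports=4):
    """Sources that touched at least min_ports distinct closed ports."""
    return sorted(
        src
        for src, ports in closed_port_hits(log_text).items()
        if len(ports) >= min_ports
    )


if __name__ == "__main__":
    for src, ports in closed_port_hits(SAMPLE_LOG).items():
        print(src, sorted(ports))
    print("likely scanners:", likely_scanners(SAMPLE_LOG))
```

The accepted sshd session in the sample has no matching "Connection attempt" entry, which is the behaviour the reply explains: traffic to a port the machine has open never shows up through log_in_vain.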