From: Peter Pentchev
To: "Simon L. Nielsen"
Cc: security@freebsd.org
Date: Wed, 28 May 2003 23:04:32 +0300
Subject: Re: FW: Question about logging.

On Wed, May 28, 2003 at 08:36:24PM +0200, Simon L. Nielsen wrote:
> On 2003.05.28 20:04:28 +0200, Erik Paulsen Sk?lerud wrote:
>
> > Yeah, I've gotten that far. But, how can I explicitly -only- filter out ipfw
> > messages from the default console output? Looks like the only way is to
> > remove kern.debug :(
>
> I think you can use something like this in syslog.conf (untested):
>
> !-ipfw
> *.err;kern.debug;auth.notice;mail.crit /dev/console

This would match log entries generated by a userland application named
'ipfw'. The ipfw log lines are, however, generated by the *kernel*,
and they would never match this rule.

> Or something along those lines...

Logging kern.security to a separate file should be enough, I think?
Never tried it, though.

> Try looking at syslog.conf(5), it does explain a lot.

Yep, that too :)

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This would easier understand fewer had omitted.