From: "Simon L. Nielsen"
To: Erik Paulsen Sk?lerud, security@freebsd.org
Date: Wed, 28 May 2003 22:14:19 +0200
Subject: Re: FW: Question about logging.
Message-ID: <20030528201417.GA3741@nitro.dk>

On 2003.05.28 23:04:32 +0300, Peter Pentchev wrote:
> On Wed, May 28, 2003 at 08:36:24PM +0200, Simon L. Nielsen wrote:
> > On 2003.05.28 20:04:28 +0200, Erik Paulsen Sk?lerud wrote:
> >
> > > Yeah, I've gotten that far. But, how can I explicitly -only- filter out ipfw
> > > messages from the default console output? Looks like the only way is to
> > > remove kern.debug :(
> >
> > I think you can use something like this in syslog.conf (untested) :
> >
> > !-ipfw
> > *.err;kern.debug;auth.notice;mail.crit /dev/console
>
> This would match log entries generated by a userland application named
> 'ipfw'. The ipfw log lines are, however, generated by the *kernel*, and
> they would never match this rule.

Ehh, I have the following in my syslog.conf, and it works just fine :

!ipfw
*.* /var/log/ipfw.log

I only get lines like :

May 20 02:16:28 arthur /kernel: ipfw: 65300 Deny UDP 192.168.3.2:53 192.168.2.3:49239 in via xl0

in var/log/ipfw.log

I guess it shouldn't work, but it does :-)

--
Simon L. Nielsen