Date: Wed, 28 May 2003 23:10:39 +0200
From: "Simon L. Nielsen"
To: "Taras Y. NIZHNIK"
Cc: security@freebsd.org
Subject: Re: FW: Question about logging.
Message-ID: <20030528211038.GB3741@nitro.dk>

On 2003.05.28 23:39:54 +0300, Taras Y. NIZHNIK wrote:
> On Wed, 28 May 2003, Simon L. Nielsen wrote:
> > > This would match log entries generated by a userland application named
> > > 'ipfw'. The ipfw log lines are, however, generated by the *kernel*, and
> > > they would never match this rule.
> > Ehh, I have the following in my syslog.conf, and it works just fine :
> >
> > !ipfw
> > *.* /var/log/ipfw.log
> >
> > I only get lines like :
> > May 20 02:16:28 arthur /kernel: ipfw: 65300 Deny UDP 192.168.3.2:53 192.168.2.3:49239 in via xl0
> > in var/log/ipfw.log
> >
> > I guess it shouldn't work, but it does :-)
> Why do you think it should not?

Actually only because Peter Pentchev said it shouldn't, and I didn't read
the manual page carefully enough before posting.

Thanks for correcting me.

-- 
Simon L. Nielsen
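
An added illustration, not part of the original message or of syslogd itself: a simplified Python model of the `!ipfw` program-block matching discussed in this thread, following the syslog.conf(5) statement that a program specification for 'foo' also matches kernel messages with the prefix 'foo: '. Facility/priority selectors are ignored, the function names are hypothetical, and every sample line except the one quoted in the message is constructed.

```python
import re

# The two syslog.conf lines quoted in the message above.
SYSLOG_CONF = "!ipfw\n*.*\t/var/log/ipfw.log\n"
KERNEL_TAG = "/kernel: "  # kernel prefix as it appears in the quoted log line

def parse_blocks(conf):
    """Return [(program or None, destination)] in file order."""
    rules, prog = [], None
    for line in conf.splitlines():
        line = line.strip()
        if not line or (line.startswith("#") and not line.startswith("#!")):
            continue                      # blank line or ordinary comment
        if line.startswith(("!", "#!")):  # program specification
            name = line.lstrip("#!").strip()
            prog = None if name == "*" else name  # "!*" ends the block
            continue
        _selector, dest = line.split(None, 1)     # selector ignored in this model
        rules.append((prog, dest))
    return rules

def split_line(line):
    """Split 'Mon DD HH:MM:SS host text' into (from_kernel, text)."""
    text = line.split(None, 4)[4]
    if text.startswith(KERNEL_TAG):
        return True, text[len(KERNEL_TAG):]
    return False, text

def block_matches(prog, from_kernel, text):
    if prog is None:
        return True
    if from_kernel:                       # kernel message: needs the 'prog: ' prefix
        return text.startswith(prog + ": ")
    tag = re.match(r"[^\s:\[]+", text)    # userland tag such as 'sshd[412]:'
    return bool(tag) and tag.group(0) == prog

def route(conf, line):
    """Destinations this model would write the log line to."""
    from_kernel, text = split_line(line)
    return [d for p, d in parse_blocks(conf) if block_matches(p, from_kernel, text)]

SAMPLES = [
    "May 20 02:16:28 arthur /kernel: ipfw: 65300 Deny UDP 192.168.3.2:53 192.168.2.3:49239 in via xl0",
    "May 20 02:16:30 arthur /kernel: xl0: promiscuous mode enabled",  # constructed
    "May 20 02:17:01 arthur sshd[412]: Connection closed",            # constructed
    "May 20 02:17:05 arthur ipfw: rules reloaded",                    # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(route(SYSLOG_CONF, s), "<-", s)
```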