From: Peter Pentchev
To: "Simon L. Nielsen"
Cc: security@freebsd.org
Date: Thu, 29 May 2003 09:40:23 +0300
Subject: Re: FW: Question about logging.
Message-ID: <20030529064023.GB1676@straylight.oblivion.bg>

On Wed, May 28, 2003 at 11:10:39PM +0200, Simon L. Nielsen wrote:
> On 2003.05.28 23:39:54 +0300, Taras Y. NIZHNIK wrote:
> > On Wed, 28 May 2003, Simon L. Nielsen wrote:
> > > > This would match log entries generated by a userland application named
> > > > 'ipfw'. The ipfw log lines are, however, generated by the *kernel*, and
> > > > they would never match this rule.
> > > Ehh, I have the following in my syslog.conf, and it works just fine :
> > >
> > > !ipfw
> > > *.* /var/log/ipfw.log
> > >
> > > I only get lines like :
> > > May 20 02:16:28 arthur /kernel: ipfw: 65300 Deny UDP 192.168.3.2:53 192.168.2.3:49239 in via xl0
> > > in var/log/ipfw.log
> > >
> > > I guess it shouldn't work, but it does :-)
> > Why do you think it should not?
>
> Actually only because Peter Pentchev said it shouldn't, and I didn't read
> the manual page carefully enough before posting.
>
> Thanks for correcting me.

Erm.. well.. what can I say :) It's great that there are still people
who actually read the manpages, and not just those like me who go with
vague memories :)

Sorry for the confusion.

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If I were you, who would be reading this sentence?