From: Chris
Date: Fri, 5 Dec 2008 08:07:19 -0800
To: Dean Weimer
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFilter section in Handbook needs updating

On Dec 5, 2008, at 7:07 AM, Dean Weimer wrote:

> I was just setting up ipfilter and ipmon on a FreeBSD 7 server, and
> noticed that the ipmon and syslog information under the ipfilter
> section of the handbook is incorrect.

A couple of years back, I submitted a one-liner to some email address of a
documentation maintainer. I just looked on the site and couldn't find this
address. Instead, it said that if you have a change, you should put in a PR.
It sounds like you should create a diff of the current wording and your
recommended change. Here is where I was looking:

http://www.freebsd.org/docproj/submitting.html

> The section reads:
>
> -----snip-----
> 31.5.7 IPMON Logging
>
> Syslogd uses its own special method for segregation of log data. It uses
> special groupings called "facility" and "level". IPMON in -Ds mode uses
> security as the "facility" name. All IPMON logged data goes to security.
> The following levels can be used to further segregate the logged data if
> desired:
>
> LOG_INFO - packets logged using the "log" keyword as the action rather
> than pass or block.
> LOG_NOTICE - packets logged which are also passed
> LOG_WARNING - packets logged which are also blocked
> LOG_ERR - packets which have been logged and which can be considered short
>
> To set up IPFILTER to log all data to /var/log/ipfilter.log, you will
> need to create the file. The following command will do that:
>
> # touch /var/log/ipfilter.log
>
> The syslog function is controlled by definition statements in the
> /etc/syslog.conf file. The syslog.conf file offers considerable
> flexibility in how syslog will deal with system messages issued by
> software applications like IPF. Add the following statement to
> /etc/syslog.conf:
>
> security.* /var/log/ipfilter.log
>
> The security.* means to write all the logged messages to the coded file
> location.
>
> To activate the changes to /etc/syslog.conf you can reboot or bump the
> syslog task into re-reading /etc/syslog.conf by running
> /etc/rc.d/syslogd reload
>
> Do not forget to change /etc/newsyslog.conf to rotate the new log you
> just created above.
> -----snip-----
>
> In trying to configure this I found that ipmon -Dsa doesn't log to
> security, but logs to local0 instead. Reading the man page for ipmon
> does in fact state this. However, it also lists the -L option as being
> able to change this default behavior. I tried ipmon -DSa -L security; it
> accepts this, but doesn't actually change the logging to use security.
> It still only outputs to the syslog using local0. I also tried using
> ipmon -DSa -L local7 as well, and it still outputs to local0. It was
> easy enough to modify my syslog.conf to output the local0.* as well as
> security.* to the /var/log/security file. However, it would be greatly
> appreciated if someone that actually understands what's going on here
> could get this info updated. It would have saved me some time, as well
> as, I am sure, some other people in the future. Of course it's always
> possible I am missing something simple here that is causing this
> discrepancy; please do inform me if I did. It's probably worth
> mentioning that I am starting ipmon using the rc.conf file with
> ipmon_enable="YES" and ipmon_flags="-DSa", just in case the
> /etc/rc.d/ipmon script actually changes the default behavior of ipmon
> in some way, though I didn't see anything in it that should. And
> ps wwaux | grep ipmon does display the process running with the flags
> exactly as stated on the ipmon_flags line of the /etc/rc.conf file.
>
> Thanks,
> Dean Weimer
> Network Administrator
> Orscheln Management Co
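The thread's point, that a syslog.conf selector for one facility silently drops messages sent under another, can be checked without a live syslogd. The following is an added example, not code from the thread or from the FreeBSD project: a small Python model of syslog.conf(5) selector matching (`facility.level`, `*`, `none`, `=level`, comma-separated facilities and `;`-joined selectors, with the last selector naming a facility winning within a line). The per-entry severities (info for "log", notice for passed, warning for blocked, err for short) are taken from the Handbook text quoted above; the facility defaults to `local0` as Dean observed. `HANDBOOK_CONF` reproduces the Handbook's single line, `FIXED_CONF` is a constructed alternative that also routes `local0`, and `/var/log/ipf-blocked.log` is a made-up file name used only to show level filtering. Program and host block markers in syslog.conf are skipped rather than modelled.

```python
# Added example (not from the thread or the FreeBSD project): a simplified
# model of syslog.conf(5) selector matching, used to show why the Handbook's
# 'security.*' line never sees messages that ipmon sends under 'local0'.

# Standard syslog severities, most severe first (numeric priority 0..7).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Severity ipmon uses per entry kind, from the Handbook text quoted in the
# thread. The facility is local0, as reported in the thread, not security.
IPMON_SEVERITY = {"log": "info", "pass": "notice", "block": "warning", "short": "err"}

# Constructed configurations: the Handbook's line as quoted, and an
# alternative that also routes local0 plus a hypothetical second file that
# only receives warning-and-above entries (blocked and short packets).
HANDBOOK_CONF = "security.*\t/var/log/ipfilter.log\n"
FIXED_CONF = (
    "security.*;local0.*\t/var/log/ipfilter.log\n"
    "local0.warning\t/var/log/ipf-blocked.log\n"
)


def canonical(level):
    """Normalise a level name, accepting the common aliases."""
    level = level.lower()
    return ALIASES.get(level, level)


def parse_selector(text):
    """'fac[,fac].level' -> (facilities, comparison, level).

    facilities is None for '*', else a set of names. comparison is 'ge'
    (named level and anything more severe; the default), 'eq' for '=level',
    or 'none' for the level 'none'. '!level' and '>=level' are not modelled.
    """
    fac_part, dot, lvl_part = text.strip().rpartition(".")
    if not dot:
        raise ValueError("selector needs facility.level: %r" % text)
    facilities = None
    if fac_part != "*":
        facilities = {f.strip().lower() for f in fac_part.split(",")}
    lvl_part = lvl_part.strip()
    if lvl_part.lower() == "none":
        return facilities, "none", None
    comparison = "ge"
    if lvl_part.startswith("="):
        comparison, lvl_part = "eq", lvl_part[1:]
    level = "*" if lvl_part == "*" else canonical(lvl_part)
    if level != "*" and level not in SEVERITIES:
        raise ValueError("unknown level: %r" % lvl_part)
    return facilities, comparison, level


def parse_conf(conf_text):
    """Return [(selectors, action)] per rule line; comments, blank lines and
    program/host block markers ('!prog', '+host', '-host') are skipped."""
    rules = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!+-":
            continue
        selectors, action = line.split(None, 1)
        rules.append(([parse_selector(s) for s in selectors.split(";")], action.strip()))
    return rules


def selector_matches(selector, facility, severity):
    """True/False when the selector speaks for this facility, None otherwise."""
    facilities, comparison, level = selector
    if facilities is not None and facility not in facilities:
        return None
    if comparison == "none":
        return False
    if level == "*":
        return True
    if comparison == "eq":
        return SEVERITIES.index(severity) == SEVERITIES.index(level)
    # 'ge': message is at least as severe as the named level (lower index).
    return SEVERITIES.index(severity) <= SEVERITIES.index(level)


def route(conf_text, facility, severity):
    """Actions a message with this facility/severity reaches. Within a line
    the last selector naming the facility wins ('*.*;security.none')."""
    facility, severity = facility.lower(), canonical(severity)
    if severity not in SEVERITIES:
        raise ValueError("unknown severity: %r" % severity)
    hits = []
    for selectors, action in parse_conf(conf_text):
        verdict = False
        for sel in selectors:
            result = selector_matches(sel, facility, severity)
            if result is not None:
                verdict = result
        if verdict:
            hits.append(action)
    return hits


def ipmon_destinations(conf_text, kind, facility="local0"):
    """Where an ipmon entry of the given kind lands under this syslog.conf."""
    return route(conf_text, facility, IPMON_SEVERITY[kind])


if __name__ == "__main__":
    for name, conf in (("handbook", HANDBOOK_CONF), ("fixed", FIXED_CONF)):
        for kind in IPMON_SEVERITY:
            dest = ipmon_destinations(conf, kind) or "(dropped)"
            print("%-8s %-5s -> %s" % (name, kind, dest))
```

Running it shows every ipmon entry kind dropped under the Handbook's configuration and delivered under the alternative, with only blocked and short packets reaching the warning-filtered file. The same check is useful after any logging change on a firewall host: a facility mismatch produces no error, just an empty log.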