Date: Fri, 2 Jan 1998 05:08:59 -0500 (EST)
From: David Kott
To: freebsd-questions@freebsd.org
Subject: logging ipfirewall LOG directives through syslogd

I use the kernel IP firewall and use the "log" directive to alert me to possibly nefarious network traffic. However, I would like to channel these messages through the syslog facility. I added some code to the kernel ip firewall to (apparently) log messages via the syslog() interface. This is an example of what I added to:

FreeBSD 2.2.5-STABLE #0: Thu Jan 1 20:22:27 EST 1998
src/sys/netinet/ip_fw.c :

ipfw_report(yutta, yutta..) ... openlog("ipfw",LOG_NDELAY,LOG_LOCAL7); ... /* Print command name */ + sprintf(buf,"ipfw: %d ", f ? f->fw_number : -1); - printf("ipfw: %d ", f ? f->fw_number : -1); if (!f) + sprintf(buf,"Refuse"); - printf("Refuse"); else switch (f->fw_flg & IP_FW_F_COMMAND) { case IP_FW_F_DENY: + sprintf(buf,"Deny"); - printf("Deny"); break; .... syslog(LOG_INFO,buf);

Basically, removing all the kernel printf()'s, and replacing them with a formatted print to a character string "buf".
Then, at the end, when all those messages have concatenated appropriately into the line that would normally get dumped on the console (or whathaveyou), I call syslog() and send it to the syslog daemon.

However, when I attempt to compile my new kernel, I get a message at the end, during the final link:

...
loading kernel
ip_fw.o: Undefined symbol `_openlog' referenced from text segment
ip_fw.o: Undefined symbol `_syslog' referenced from text segment
*** Error code 1

Stop.

The only thing I am sure about is that I should leave kernel programming to people who do it best.. namely, not myself! In any case, if you have any insight into what I am trying to do, and can suggest a solution, I would LOVE to hear from you.

-d
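
Review bot: every added line calls sprintf(buf, ...) with the same destination, so the later sprintf(buf,"Refuse") or sprintf(buf,"Deny") overwrites the "ipfw: %d " prefix instead of appending to it, and only the last fragment would reach the final call. Keep a running offset into buf (advance it by each call's return value) and bound every write by the space remaining, since sprintf does no length checking. The closing syslog(LOG_INFO,buf) also uses the assembled text as the format string; pass it as an argument to a "%s" format instead. Finally, openlog() and syslog() are libc routines for userland programs, which is why the link step reports `_openlog' and `_syslog' as undefined; kernel code has its own log() routine, whose output syslogd picks up, so the openlog() call can be dropped and the last line becomes a log(LOG_INFO, "%s", buf) call.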