From owner-freebsd-security  Thu Jun 21 12:58:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from asgard.inter.net.il (asgard.inter.net.il [192.114.186.12])
	by hub.freebsd.org (Postfix) with ESMTP id 9993037B406
	for <security@FreeBSD.ORG>; Thu, 21 Jun 2001 12:58:25 -0700 (PDT)
	(envelope-from bk532@iname.com)
Received: from bk532nb.local.net (diup-202-58.inter.net.il [213.8.202.58])
	by asgard.inter.net.il (Mirapoint)
	with ESMTP id KLR80253;
	Thu, 21 Jun 2001 22:56:59 +0300 (IDT)
Received: (from boris@localhost)
	by bk532nb.local.net (8.11.4/8.11.4) id f5LJssE09415;
	Thu, 21 Jun 2001 22:54:54 +0300 (IDT)
	(envelope-from boris)
Date: Thu, 21 Jun 2001 22:54:54 +0300
From: Boris Karnaukh <bk532@iname.com>
To: "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
Cc: security@FreeBSD.ORG
Subject: Re: IPFW logging
Message-ID: <20010621225454.A9402@bk532nb.local.net>
References: <015c01c0fa4a$da371220$0600a8c0@ibmka.internethelp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <015c01c0fa4a$da371220$0600a8c0@ibmka.internethelp.ru>; from nkritsky@internethelp.ru on Thu, Jun 21, 2001 at 04:08:14PM +0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Jun 21, 2001 at 04:08:14PM +0400, Nickolay A. Kritsky wrote:
>     Hi all!
>     I am puzzled with one little question: what logging facility does ipfw use and where should I patch it to make it log to some
> other log facility?

IPFW activity is logged by security logging facility and goes by default to /var/log/security. You can't change facility without patching ipfw source, but you can try to filter it's messages using syslog functionality using something like:

!ipfw
*.*		/var/log/ipfw.log

>     I am newbie to UNIX syslogd and have another question: can I add another one log facility in system?
> 

You can use one of local[0-7] facilities. They are specifically reserved for end user use.

-- 
<Signed>
Boris Karnaukh 	(mailto:bk532@iname.com)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message