From owner-freebsd-questions Wed Jan 16 7:41:33 2002 Delivered-To: freebsd-questions@freebsd.org Received: from rush.telenordia.se (mail.telenordia.se [194.213.64.42]) by hub.freebsd.org (Postfix) with SMTP id 0426237B416 for ; Wed, 16 Jan 2002 07:41:27 -0800 (PST) Received: (qmail 675 invoked from network); 16 Jan 2002 16:41:25 +0100 Received: from bb-62-5-36-29.bb.tninet.se (HELO there) (62.5.36.29) by mail.telenordia.se with SMTP; 16 Jan 2002 16:41:25 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Mark Rowlands To: freebsd-questions@FreeBSD.ORG Subject: Re: ipmon stopped logging. Date: Wed, 16 Jan 2002 16:41:21 +0100 X-Mailer: KMail [version 1.3.2] References: <20020116145906.4CF3637B404@hub.freebsd.org> In-Reply-To: <20020116145906.4CF3637B404@hub.freebsd.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020116154127.0426237B416@hub.freebsd.org> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wednesday 16 January 2002 3:59 pm, Mark Rowlands wrote: > been running ipmon / ipfilter for a while quite happily when.....one fine > day it stopped logging. > > kernel options > > options IPFILTER #ipfilter support > options IPFILTER_LOG #ipfilter logging > options IPFILTER_DEFAULT_BLOCK > > dmesg > IP Filter: v3.4.20 initialized. Default = block all, Logging = enabled > > some sample ipfilter rules from ipfstat > > @7 block in log quick on xl1 proto tcp from any to any flags FPU/FSRPAUC > @8 block in log quick on xl1 from any to any with frag > @9 block in log quick on xl1 from any to 224.0.0.0/3 > @10 block in log quick on xl1 from 169.254.0.0/16 to any > @11 block in log quick on xl1 from 192.168.0.0/16 to any > @12 block in log quick on xl1 from 10.0.0.0/8 to any > @13 block in log quick on xl1 from any to 62.5.39.0/32 > @14 block in log quick on xl1 from any to 62.5.39.255/32 > @15 block in log quick on xl1 from any to 255.255.255.0/24 > @16 block return-rst in log quick on xl1 proto tcp from any to any > > (this is not my normal config, I added the logging on these rules to > ensure that there would definitely be something to log) > > syslog.conf > > local0.* -/var/log/firewall_logs thats why...... should be local0.* /var/log/firewall_logs don't know where the - came from though > ls -al /var/log/fire* > -rw-r--r-- 1 root wheel 0 Jan 16 12:48 firewall_logs > > and ipmon runs as ipmon -Dsv > > uname :- > FreeBSD pcmarpxy 4.5-RC FreeBSD 4.5-RC #0: Tue Jan 15 21:51:55 CET 2002 > > This was working quite happily and no, I can' t specifically remember > changing anything that might stop it from working. > > Any suggestions as where the problem might lie? -- Please do not look directly into laser with remaining eye. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message