Date:      Sat, 22 Apr 2000 21:21:23 +1000
From:      Duncan <arakias@bigpond.com>
To:        freebsd-questions@freebsd.org
Subject:   RE: logging
Message-ID:  <4.2.0.58.20000422210456.00b4f990@mail.bigpond.com>

I have IPFIREWALL_VERBOSE in the kernel and I used tabs in syslog.conf.
I tried killing syslogd and restarting it but still nothing.
I have only just noticed the following line in dmesg -
'IP packet filtering initialized, divert enabled, rule-based forwarding disabled, logging disabled'   <---- is this the source of my troubles ???
I have blindly messed around some but can never get that enabled.

Anyways I have just ordered 4.0 so I won't worry too much for now
Thanks for all the suggestions

 >I am not sure about the 3.2 kernel, but in 4.0 you can add
 >IPFIREWALL_VERBOSE to your kernel. Also try and have a look at whether
 >using the sysctl(8) interface in the MIB base of net.inet.ip.fw can do
 >what you need. I read the above from the ipfw man page.
 >My syslog.conf file only has
 >security.* /var/log/security
 >for the security logs, and that seems to work.
 >One other thing, did you make sure that you have tabs and NOT spaces
 >separating the *.* and /var/log/ipfw in your syslog.conf file?
 >By the way, I just tried your method on my firewall logs and it worked. See
 >if it is the spaces. Thank you.
 >Hope that helps. I wish I knew more about 3.2.
 >Andrew.




 >On Sat, Apr 22, 2000 at 08:36:43AM +1000, Duncan wrote:
 > Yes, the only thing I am getting in security is users logging in,
 > su and bad su etc....
 >
 >
 >
 > >Fri Apr 21 12:36:30 EDT 2000
 > >Hi,
 > >I get my firewall logs in /var/log/security
 > >Have you looked there.
 > >Andrew.
 > >
 > >
 > >On Fri, Apr 21, 2000 at 09:03:33PM +1000, Duncan wrote:
 > > Hello
 > >
 > > I am having trouble with my logs.
 > > I have tried various things like adding ' log_in_vain="YES" ' in rc.conf
 > > (which I read from a post on the security list)
 > >
 > > !ipfw
 > > *.* /var/log/ipfw
 > >
 > > but the only information i am getting is stuff like :
 > >
 > > 00200 0 0 deny ip from any to 127.0.0.0/8
 > > 01400 20 1008 deny log tcp from any to any via ppp0 setup
 > > 65535 602 28986 deny ip from any to any
 > >
 > > (from /var/log/ipfw.today) which by itself is useless for me.
 > > I am trying to set it up so I can see the source address and ports so I at least
 > > can see more of what's going on.
 > >
 > > I have a custom kernel with the ipfirewall and divert for natd and am currently
 > > running 3.2-release.
 > > Sorry for not giving more information but I am new to this and not sure what else
 > > to put.
 > >
 > > Any help is much appreciated
 > > Thank you.
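
Added example, not part of the original messages: a small shell check for the tabs-versus-spaces problem raised in the thread. The function name `bad_separators` and the sample file contents are constructed for illustration; the check assumes a syslogd that only accepts tabs between the selector and the action.

```shell
#!/bin/sh
# Flag syslog.conf entries whose selector and action fields are not
# separated by tabs only (assumption: the running syslogd requires tabs).

# bad_separators FILE
# Prints "LINENO: line" for each offending entry; returns 1 if any were found.
bad_separators() {
    awk '
        /^[ \t]*$/ { next }     # blank line
        /^[ \t]*#/ { next }     # comment
        /^[!+-]/   { next }     # program/host block header such as "!ipfw"
        {
            rest = $0
            sub(/^[^ \t]+/, "", rest)      # drop the selector field
            if (rest == "") next           # no action field on this line
            match(rest, /^[ \t]+/)         # whitespace run before the action
            sep = substr(rest, 1, RLENGTH)
            if (sep ~ / /) {               # any space in the separator
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the ipfw entry uses spaces, the security entry a tab.
sample=$(mktemp)
printf '!ipfw\n*.*    /var/log/ipfw\nsecurity.*\t/var/log/security\n' > "$sample"
bad_separators "$sample" || echo "replace the spaces with tabs, then restart syslogd"
rm -f "$sample"
```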


