Date: Sat, 22 Apr 2000 21:21:23 +1000 From: Duncan <arakias@bigpond.com> To: freebsd-questions@freebsd.org Subject: RE: logging Message-ID: <4.2.0.58.20000422210456.00b4f990@mail.bigpond.com>
next in thread | raw e-mail | index | archive | help
I have IPFIREWALL_VERBOSE in the kernel and i used tabs in syslog.conf. I tried killing syslogd and restarting it but still nothing. I have only just noticed the following line in dmesg - 'IP packet filtering initialized, divert enabled, rule-based forwarding disabled, logging disabled' <---- is this the source of my troubles ??? I have blindly messed around some but can never get that enabled. Anyways i have just ordered 4.0 so i wont worry too much for now Thanks for all the suggestions >I am not sure about the 3.2 kernel, but in 4.0 you can add >IPFIREWALL_VERBOSE to your kernel. Also try and have a look at whether >using the sysctl(8) interface in the MIB base of net.inet.ip.fw can do >what you need. I read the above from the ipfw man page. >My syslog.conf file only has >security.* /var/log/security >for the security logs, and that seems to work. >One other thing, did you make sure that you have tabs and NOT spaces >separating the *.* and /var/log/ipfw in your syslog.conf file? >By the way, I just tried your method on my firewall logs and it worked. See >if it is the spaces. Thank you. >Hope that helps. I wish I knew more about 3.2. >Andrew. >On Sat, Apr 22, 2000 at 08:36:43AM +1000, Duncan wrote: > yes the only thing i am getting in security is users logging in, > su and bad su etc.... > > > > >Fri Apr 21 12:36:30 EDT 2000 > >Hi, > >I get my firewall logs in /var/log/security > >Have you looked there. > >Andrew. > > > > > >On Fri, Apr 21, 2000 at 09:03:33PM +1000, Duncan wrote: > > Hello > > > > I'm am having trouble with my logs. > > I have tried various things like adding ' log_in_vain="YES" ' in rc.conf > > (which i read from a post on the security list) > > > > !ipfw > > *.* /var/log/ipfw > > > > but the only information i am getting is stuff like : > > > > 00200 0 0 deny ip from any to 127.0.0.0/8 > > 01400 20 1008 deny log tcp from any to any via ppp0 setup > > 65535 602 28986 deny ip from any to any > > > > (from /var/log/ipfw.today) which by itself is useless for me. > > I am trying to set it up so i can see the source address and ports so i at > > least > > can see more of what's going on. > > > > I have a custom kernel with the ipfirewall and divert for natd and am > currently > > running 3.2-release. > > sorry for not giving more information but i am new to this and not sure > > what else > > to put. > > > > Any help is much appreciated > > Thank you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.20000422210456.00b4f990>