From owner-freebsd-questions Sat Apr 22 4:30:22 2000
Date: Sat, 22 Apr 2000 21:21:23 +1000
To: freebsd-questions@freebsd.org
From: Duncan
Subject: RE: logging

I have IPFIREWALL_VERBOSE in the kernel and I used tabs in syslog.conf.
I tried killing syslogd and restarting it but still nothing.

I have only just noticed the following line in dmesg -

'IP packet filtering initialized, divert enabled, rule-based forwarding
disabled, logging disabled'   <---- is this the source of my troubles ???

I have blindly messed around some but can never get that enabled.
Anyways I have just ordered 4.0 so I won't worry too much for now.

Thanks for all the suggestions

>I am not sure about the 3.2 kernel, but in 4.0 you can add
>IPFIREWALL_VERBOSE to your kernel. Also try and have a look at whether
>using the sysctl(8) interface in the MIB base of net.inet.ip.fw can do
>what you need. I read the above from the ipfw man page.
>My syslog.conf file only has
>security.* /var/log/security
>for the security logs, and that seems to work.
>One other thing, did you make sure that you have tabs and NOT spaces
>separating the *.* and /var/log/ipfw in your syslog.conf file?
>By the way, I just tried your method on my firewall logs and it worked. See
>if it is the spaces. Thank you.
>Hope that helps. I wish I knew more about 3.2.
>Andrew.
>On Sat, Apr 22, 2000 at 08:36:43AM +1000, Duncan wrote:
> Yes, the only thing I am getting in security is users logging in,
> su and bad su etc....
>
> >
> >Fri Apr 21 12:36:30 EDT 2000
> >Hi,
> >I get my firewall logs in /var/log/security
> >Have you looked there.
> >Andrew.
> >
> >
> >On Fri, Apr 21, 2000 at 09:03:33PM +1000, Duncan wrote:
> > Hello
> >
> > I am having trouble with my logs.
> > I have tried various things like adding ' log_in_vain="YES" ' in rc.conf
> > (which I read from a post on the security list)
> >
> > !ipfw
> > *.* /var/log/ipfw
> >
> > but the only information I am getting is stuff like:
> >
> > 00200 0 0 deny ip from any to 127.0.0.0/8
> > 01400 20 1008 deny log tcp from any to any via ppp0 setup
> > 65535 602 28986 deny ip from any to any
> >
> > (from /var/log/ipfw.today) which by itself is useless for me.
> > I am trying to set it up so I can see the source address and ports so I at
> > least can see more of what's going on.
> >
> > I have a custom kernel with the ipfirewall and divert for natd and am
> > currently running 3.2-release.
> > Sorry for not giving more information but I am new to this and not sure
> > what else to put.
> >
> > Any help is much appreciated
> > Thank you.
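
An added example, not part of the original messages: a small check for the tabs-versus-spaces question raised in the quoted reply. It assumes a syslogd that accepts only tabs between selector and action; the function name `check_syslog_tabs` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Flag syslog.conf rules whose selector and action are not separated
# purely by tabs (assumption: the syslogd in use requires tabs).

# check_syslog_tabs FILE
# Prints "LINENO: text" for every suspect rule; returns 1 if any was found.
check_syslog_tabs() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }   # comments and blank lines
        /^!/           { next }   # program blocks such as !ipfw
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # ignore leading indentation
            # The first whitespace run is the selector/action separator.
            # Suspect: no separator at all, or a separator containing a space.
            if (!match(line, /[ \t]+/) ||
                index(substr(line, RSTART, RLENGTH), " ") > 0) {
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: one tab-separated rule, one space-separated rule.
sample=$(mktemp)
printf '# constructed sample\nsecurity.*\t/var/log/security\n!ipfw\n*.*     /var/log/ipfw\n' > "$sample"

check_syslog_tabs "$sample" || echo "rules above use spaces; replace them with tabs and restart syslogd"
rm -f "$sample"
```

Run it against the real file with `check_syslog_tabs /etc/syslog.conf`; no output and a zero exit status mean every rule is tab-separated.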