Date: Fri, 13 Apr 2001 14:21:55 -0400 (EDT) From: Dru <genisis@istar.ca> To: Kent Stewart <kstewart@urx.com> Cc: questions@FreeBSD.ORG Subject: Re: ipfw logging Message-ID: <Pine.BSF.4.21.0104131417080.7159-100000@istar.ca> In-Reply-To: <3AD7347F.C2D8C09B@urx.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks to all that have replied so far. I wasn't getting anything to /var/log/security either so I started commenting out lines in my ruleset and have narrowed down the problem to being with my dynamic rules. I originally had this: #from man 8 ipfw: allow only connections I've created add 00300 check-state add 00301 deny tcp from any to any established add 00302 allow tcp from any to any setup keep-state #log all failed attempts add 00303 deny log logamount 1 tcp from any to any in setup I've tried rule 00301 with and without the "log" keyword. If I comment out those first 3 rules (they're at the very top of my rule-set), it logs to /var/log/security and I effectively shutdown all connection attempts to my box. Any suggestions on how to keep the dynamic rules and still get logs? Dru On Fri, 13 Apr 2001, Kent Stewart wrote: > > > Dru wrote: > > > > Have ipfw running fine on 4.2-Release, it logs beautifully to the console > > the packets that I would expect to see logged. However, I must be missing > > something obvious as it refuses to log to a file. Here's the appropriate > > lines that I've added to: > > Did you look at what is being logged to /var/log/security? > > Kent > > > > > /etc/rc.conf > > firewall_logging_enable="YES" > > > > /etc/syslog.conf > > !ipfw > > *.* /var/log/ipfwlog > > > > I added those 2 lines at the bottom of syslog.conf and I used TABs, not > > spaces. > > > > I then "touch"ed /var/log/ipfwlog, and have left the default permissions > > on for the moment: > > > > ls -l /var/log/ipfwlog > > -rw-r--r-- 1 root wheel 0 Apr 13 12:58 /var/log/ipfwlog > > > > Am I missing a typo or something, or have I forgotten to add another line > > someplace? I've "hup"ped syslogd umpteen times, not to mention re-booting > > several times. > > > > TIA, > > > > Dru > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > -- > Kent Stewart > Richland, WA > > mailto:kbstew99@hotmail.com > http://kstewart.urx.com/kstewart/index.html > FreeBSD News http://daily.daemonnews.org/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104131417080.7159-100000>