Date: Fri, 13 Apr 2001 14:21:55 -0400 (EDT)
From: Dru
To: Kent Stewart
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw logging

Thanks to all that have replied so far. I wasn't getting anything to
/var/log/security either so I started commenting out lines in my ruleset
and have narrowed down the problem to being with my dynamic rules. I
originally had this:

#from man 8 ipfw: allow only connections I've created
add 00300 check-state
add 00301 deny tcp from any to any established
add 00302 allow tcp from any to any setup keep-state

#log all failed attempts
add 00303 deny log logamount 1 tcp from any to any in setup

I've tried rule 00301 with and without the "log" keyword. If I comment out
those first 3 rules (they're at the very top of my rule-set), it logs to
/var/log/security and I effectively shutdown all connection attempts to
my box.

Any suggestions on how to keep the dynamic rules and still get logs?

Dru

On Fri, 13 Apr 2001, Kent Stewart wrote:

>
>
> Dru wrote:
> >
> > Have ipfw running fine on 4.2-Release, it logs beautifully to the console
> > the packets that I would expect to see logged. However, I must be missing
> > something obvious as it refuses to log to a file. Here's the appropriate
> > lines that I've added to:
>
> Did you look at what is being logged to /var/log/security?
>
> Kent
>
> >
> > /etc/rc.conf
> > firewall_logging_enable="YES"
> >
> > /etc/syslog.conf
> > !ipfw
> > *.* /var/log/ipfwlog
> >
> > I added those 2 lines at the bottom of syslog.conf and I used TABs, not
> > spaces.
> >
> > I then "touch"ed /var/log/ipfwlog, and have left the default permissions
> > on for the moment:
> >
> > ls -l /var/log/ipfwlog
> > -rw-r--r-- 1 root wheel 0 Apr 13 12:58 /var/log/ipfwlog
> >
> > Am I missing a typo or something, or have I forgotten to add another line
> > someplace? I've "hup"ped syslogd umpteen times, not to mention re-booting
> > several times.
> >
> > TIA,
> >
> > Dru
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
> Kent Stewart
> Richland, WA
>
> mailto:kbstew99@hotmail.com
> http://kstewart.urx.com/kstewart/index.html
> FreeBSD News http://daily.daemonnews.org/
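
Added example, not part of the original message and not ipfw's own code: a simplified Python model of first-match evaluation over rules 00300-00303 quoted above, showing which rule an inbound SYN reaches and whether it is logged. The packet addresses, the OUTBOUND_ONLY variant of rule 00302 and the deny default are assumptions of this example.

```python
# Simplified model of ipfw first-match evaluation for the four rules quoted
# above. Assumptions: TCP only, flows keyed by address pair (ports omitted),
# default rule 65535 is deny. Addresses and packets are constructed.
from collections import namedtuple
Packet = namedtuple("Packet", "src dst direction flags")

def is_setup(p):        # ipfw "setup": SYN set, ACK clear
    return "SYN" in p.flags and "ACK" not in p.flags
def is_established(p):  # ipfw "established": ACK or RST set
    return bool(p.flags & {"ACK", "RST"})

# (number, action, flag test, direction or None, keep-state, log)
ORIGINAL = [
    (300, "check-state", None, None, False, False),
    (301, "deny", is_established, None, False, False),
    (302, "allow", is_setup, None, True, False),
    (303, "deny", is_setup, "in", False, True),
]
# Hypothetical variant (not from the thread): rule 302 limited to "out".
OUTBOUND_ONLY = [(n, a, t, "out" if n == 302 else d, k, lg)
                 for n, a, t, d, k, lg in ORIGINAL]

def evaluate(rules, packets):
    """Return (rule number, action, logged) for each packet, in order."""
    dynamic, results = set(), []
    for p in packets:
        flow = frozenset({p.src, p.dst})
        verdict = (65535, "deny", False)
        for num, action, test, direction, keep, log in rules:
            if action == "check-state":
                if flow not in dynamic:
                    continue
                verdict = (num, "allow", False)
            elif (direction and direction != p.direction) or not test(p):
                continue
            else:
                if keep:
                    dynamic.add(flow)
                verdict = (num, action, log)
            break
        results.append(verdict)
    return results

INBOUND_SYN = Packet("203.0.113.9", "192.0.2.1", "in", frozenset({"SYN"}))
OUTBOUND_SYN = Packet("192.0.2.1", "198.51.100.7", "out", frozenset({"SYN"}))
SYN_ACK_REPLY = Packet("198.51.100.7", "192.0.2.1", "in", frozenset({"SYN", "ACK"}))

if __name__ == "__main__":
    print(evaluate(ORIGINAL, [INBOUND_SYN]), evaluate(OUTBOUND_ONLY, [INBOUND_SYN]))
```

In this model rule 00302 has no direction qualifier, so an inbound SYN matches it and evaluation stops before the logging rule 00303; with 00302 limited to outbound packets, the same SYN reaches 00303 and is logged, while replies to outbound connections are still accepted by check-state.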