From owner-freebsd-questions Fri Sep 15 14:15:51 2000 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (zoom2-215.telepath.com [216.14.2.215]) by hub.freebsd.org (Postfix) with SMTP id DEADE37B423 for ; Fri, 15 Sep 2000 14:15:46 -0700 (PDT) Received: (qmail 34381 invoked by uid 100); 15 Sep 2000 21:15:45 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14786.37248.901508.157471@guru.mired.org> Date: Fri, 15 Sep 2000 16:15:44 -0500 (CDT) To: "Jeff Vehrs" Cc: freebsd-questions@freebsd.org Subject: Re: ipfw log to dmesg??!! not security.log??!! In-Reply-To: <8625695B.00738F41.00@lintng1.hewitt.com> References: <8625695B.00738F41.00@lintng1.hewitt.com> X-Mailer: VM 6.72 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Jeff Vehrs writes: > Hmm... ok. Now, I have another question. Is there a way for me to "redirect" > ipfw messages away to the correct file? It sounds like you're still confused. On the other hand, you're also following common usage. My apologies if that's the case. ipfw doesn't log these deny messages. They come from the kernel firewall facility. ipfw is a command for configuring that facility. Those messaages aren't in the *wrong* file. They aren't in a file at all - they're in the the buffer that the dmesg command prints. That's where *all* kernel messages go, period. That includes the boot messages, informative messages from file systems, error messages from device drivers, etc. Now, you might be able to use syslog to send them to /etc/security.log as well; I don't have the kernel firewall turned on on any boxes at the moment to check on that capability with. Alternatively, you could use a userland firewall facility (/usr/ports/security/tcp_wrapper, for instance) to log these things wherever you want them. > > > From: Mike Meyer on 09/15/2000 02:28 PM > > To: Jeff Vehrs/National/Hewitt Associates@Hewitt Associates NA > cc: > Client: > Subject: Re: ipfw log to dmesg??!! not security.log??!! > > > > Jeff Vehrs writes: > > Yes. It is there in /etc/syslog.conf. > > > > However, I just type 'dmesg' and it has all ipfw "deny" messages, no more > > information(such as cdrom, video, etc...) there. What's the heck is going on? > > dmesg displays the system messages buffer. The kernel firewall > facility uses that, just like the boot information you're referring > to. You've apparently got enough ip stuff logged that the buffer has > filled, and the boot information is now gone. > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message