Date: Tue, 22 Dec 1998 16:07:02 +1300 (NZDT)
From: Andrew McNaughton
Reply-To: andrew@squiz.co.nz
To: Karl Pielorz
cc: Jeremy Shaffner, isp@FreeBSD.ORG
Subject: Re: Alternate ipfw log file (Re: IPFW, logging and Syslog)
In-Reply-To: <367EF82A.C28ADE64@tdx.co.uk>

On Tue, 22 Dec 1998, Karl Pielorz wrote:

> Jeremy Shaffner wrote:
> >
> > While we're on the subject of IPFW logging, how do you get ipfw to log to
> > a file other than messages?
> >
> > -Jeremy
>
> Good question... I guess /etc/syslog.conf, but as to exactly what to put in
> there, I don't know... A lot of our machines run with "*.* /var/log/messages"
> - I'll see if I can find out while I'm looking at Syslog...

It's in the example in "man syslog.conf".

    !ipfw
    *.*     /var/log/ipfw

> I'd guess the IPFW.'message repeated' hack is going to be nasty(ish) as no one
> else seems interested...

There's a good reason for this behaviour - it helps to stop DOS due to your
disk being filled. IPFW does have its own mechanism for this of course.

It's pretty trivial to filter your logs to expand out those 'message
repeated' messages.
You lose a little bit of detail in your time stamps, but it might give you
what you need in order to run it through some other processing stage.

    #!/usr/local/bin/perl
    # Expand syslogd "last message repeated N times" lines by
    # re-printing the previous log line N times.

    $| = 1;        # unbuffered output, so this can sit in a pipeline
    my $last = ''; # most recent ordinary log line

    while (<>) {
        # 15-character timestamp, hostname, then the repeat marker.
        # \S+ rather than \w+ so hostnames containing '-' or '.' match.
        if (/^.{15} \S+ last message repeated (\d+) times$/) {
            for (1..$1) { print $last }
        } else {
            $last = $_;
            print;
        }
    }

The alternative would be to hack /usr/src/usr.sbin/syslogd/syslogd.c and
modify the condition found at line 698 (in my 2.2.7-RELEASE source). You
could either just disable the conditional, disable if a command line flag is
set, or disable if (strcmp(prog, "ipfw") == 0). Depends exactly what you're
trying to accomplish.

Andrew McNaughton
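An added example, not part of the original message: one possible "other processing stage" for the expanded log, counting ipfw entries per rule, action and source address so that compressed repeats are not undercounted. The ipfw line layout in the regex and the sample lines are assumptions constructed for illustration; a repeat marker with no preceding line (for example the first line after log rotation) is dropped.

```python
import re
from collections import Counter

# "Mmm dd hh:mm:ss host last message repeated N times" as written by syslogd.
REPEAT = re.compile(r"^.{15} \S+ last message repeated (\d+) times?$")
# Assumed ipfw log body: "ipfw: <rule> <action> <proto> <src>[:port] <dst> ..."
IPFW = re.compile(r"ipfw: (\d+) (\w+) \S+ ([\d.]+)(?::\d+)? ")

def expand(lines):
    """Yield every line, replaying the previous one for each repeat marker."""
    last = None
    for line in lines:
        line = line.rstrip("\n")
        m = REPEAT.match(line)
        if m is None:
            last = line
            yield line
        elif last is not None:
            for _ in range(int(m.group(1))):
                yield last
        # A marker with no preceding line (e.g. first line after log
        # rotation) refers to a message in the old file; it is dropped.

def count_by_source(lines):
    """Count ipfw log entries per (rule, action, source address)."""
    counts = Counter()
    for line in expand(lines):
        m = IPFW.search(line)
        if m:
            counts[(int(m.group(1)), m.group(2), m.group(3))] += 1
    return counts

# Constructed sample log, not taken from a real host.
SAMPLE = [
    "Dec 21 19:00:05 gw-1 last message repeated 3 times",
    "Dec 21 19:00:07 gw-1 /kernel: ipfw: 1000 Deny TCP 10.0.0.5:1042 192.168.1.1:23 in via ed0",
    "Dec 21 19:00:37 gw-1 last message repeated 4 times",
    "Dec 21 19:01:02 gw-1 /kernel: ipfw: 1000 Deny TCP 10.0.0.9:2001 192.168.1.1:23 in via ed0",
]

if __name__ == "__main__":
    for key, n in sorted(count_by_source(SAMPLE).items()):
        print(key, n)
```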