From owner-freebsd-questions@FreeBSD.ORG Fri Apr 1 20:32:50 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1ADBC16A4CE for ; Fri, 1 Apr 2005 20:32:50 +0000 (GMT) Received: from smtpq1.home.nl (smtpq1.home.nl [213.51.128.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 427C943D46 for ; Fri, 1 Apr 2005 20:32:49 +0000 (GMT) (envelope-from danny@ricin.com) Received: from [213.51.128.135] (port=33533 helo=smtp4.home.nl) by smtpq1.home.nl with esmtp (Exim 4.30) id 1DHSoy-0008UJ-K5 for freebsd-questions@freebsd.org; Fri, 01 Apr 2005 22:32:48 +0200 Received: from cp464173-a.dbsch1.nb.home.nl ([84.27.215.228]:58919 helo=desktop.homenet) by smtp4.home.nl with esmtp (Exim 4.30) id 1DHSox-0006fR-LI for freebsd-questions@freebsd.org; Fri, 01 Apr 2005 22:32:47 +0200 From: Danny Pansters To: freebsd-questions@freebsd.org Date: Fri, 1 Apr 2005 22:32:38 +0200 User-Agent: KMail/1.8 References: <040120051850.5087.424D97F3000D1BDB000013DF2205889116CFCFCECC0D9CCD9C0E@comcast.net> In-Reply-To: <040120051850.5087.424D97F3000D1BDB000013DF2205889116CFCFCECC0D9CCD9C0E@comcast.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200504012232.38210.danny@ricin.com> X-AtHome-MailScanner-Information: Please contact support@home.nl for more information X-AtHome-MailScanner: Found to be clean Subject: Re: ipmon logging X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Apr 2005 20:32:50 -0000 On Friday 01 April 2005 20:50, as2sb3100@comcast.net wrote: > According to every website I've read so far ipmon uses local0 as the > facility name. However, on my FreeBSD 5.3-RELEASE-p5 box, it logs to the > security facility. The man page (in both 5.2.1 and 5.3) for ipmon, with = =2Ds > for logging to syslog says, "The default facility when compiled and > installed is security". Can anyone explain this? I'd like ipmon to log = to > a separate file so it doesn't fill up the security log. I've tried having > ipmon log directly to a file, and not using syslog, but it stops logging > when newsyslog rotates the file. Does anyone have any suggestions on what > I could or should do? =46rom /etc/defaults/rc.conf: ipmon_flags=3D"-Ds" # typically "-Ds" or "-D /var/log/ipflog" So use ipmon_flags=3D"-D /var/log/ipmon" or so in your /etc/rc.conf. It's=20 sensible to have a seperate ipf logfile. HTH, Dan