From owner-freebsd-security  Mon Dec  8 07:56:42 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id HAA16626
          for security-outgoing; Mon, 8 Dec 1997 07:56:42 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA16621
          for <freebsd-security@FreeBSD.ORG>; Mon, 8 Dec 1997 07:56:40 -0800 (PST)
          (envelope-from nash@Venus.mcs.net)
Received: from Venus.mcs.net (nash@Venus.mcs.net [192.160.127.92]) by Kitten.mcs.com (8.8.7/8.8.2) with ESMTP id JAA04939; Mon, 8 Dec 1997 09:56:39 -0600 (CST)
Received: from localhost (nash@localhost) by Venus.mcs.net (8.8.7/8.8.2) with SMTP id JAA26173; Mon, 8 Dec 1997 09:56:38 -0600 (CST)
Date: Mon, 8 Dec 1997 09:56:38 -0600 (CST)
From: Alex Nash <nash@Mcs.Net>
To: Jan Koum <jkb@best.com>
cc: Nate Williams <nate@mt.sri.com>, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw WAS: Re: [linux-security] New Program: Abacus Sentry
In-Reply-To: <Pine.BSF.3.96.971208010301.24278A-100000@shell6.ba.best.com>
Message-ID: <Pine.BSF.3.95.971208095421.25350B-100000@Venus.mcs.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 8 Dec 1997, Jan Koum wrote:

> 	Actually, the above can also be considered security problem since
> people can't see if they were attacked two days or weeks ago. Too much 
> stuff gets logged in and gets pushed from the dmesg buffer.
> 	It would be really nice to be able to log ipfw to hard drive with
> the date/time of packets being denied. Man page for ipfw SEE ALSO reffers
> to syslog(8), but:
> % grep syslog /usr/src/sbin/ipfw/ipfw.c
> %

You're looking in the wrong place, see /usr/src/sys/netinet/ip_fw.c
instead.  ipfw uses the kernel's printf, which does get picked up by
syslog.

Alex