From owner-freebsd-security  Thu Jan 27  8:17: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from tetron02.tetronsoftware.com (ftp.tetronsoftware.com [208.236.46.106])
	by hub.freebsd.org (Postfix) with ESMTP id 94A3A15684
	for <freebsd-security@FreeBSD.ORG>; Thu, 27 Jan 2000 08:17:01 -0800 (PST)
	(envelope-from zeus@tetronsoftware.com)
Received: from tetron02.tetronsoftware.com (tetron02.tetronsoftware.com [208.236.46.106])
	by tetron02.tetronsoftware.com (8.9.3/8.9.3) with ESMTP id KAA03250;
	Thu, 27 Jan 2000 10:19:15 -0600 (CST)
	(envelope-from zeus@tetronsoftware.com)
Date: Thu, 27 Jan 2000 10:19:15 -0600 (CST)
From: Gene Harris <zeus@tetronsoftware.com>
To: Brett Glass <brett@lariat.org>
Cc: The Mad Scientist <madscientist@thegrid.net>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Riddle me this
In-Reply-To: <4.2.2.20000127084138.0454fba0@localhost>
Message-ID: <Pine.BSF.4.10.10001271010530.3225-100000@tetron02.tetronsoftware.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I prefer a slightly different approach. My syslog.conf file
contains the two lines:

!ipfw
*.*			/var/log/ipfw

I like to keep the ipfw stuff separate, because I have a
nightly procedure that copies the daily logs to NT, rolls
them into an Access MDB file and then rolls over the log.
If you keep your ipfw messages separate, they are a lot
easier to study in a spreadsheet or a local database.

For instant viewing, I have created an additional entry in
xlogmaster to keep an eye on ipfw.

I am working on a script to roll them into a dbf file to
load into StarOffice on a nightly or weekly basis.

*==============================================*
*Gene Harris      http://www.tetronsoftware.com*
*FreeBSD Novice                                *
*All ORBS.org SMTP connections are denied!     *
*==============================================*

On Thu, 27 Jan 2000, Brett Glass wrote:

>  At 01:16 AM 1/27/2000 , The Mad Scientist wrote:
>  
>  >At any rate, I like logging on most of my deny rules.  You see all kinds of
>  >neat stuff even on a home DSL connection.
>  
>  Good idea! So long as logging is rate-limited, this might be fun.
>  
>  Does one have to add anything to syslogd.conf to get the log messages from
>  ipfw to appear in /var/log/messages?
>  
>  --Brett
>  
>  
>  
>  To Unsubscribe: send mail to majordomo@FreeBSD.org
>  with "unsubscribe freebsd-security" in the body of the message
>  



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message