Date: Sun, 30 Jan 2005 15:18:32 +0000 From: Joe Kraft <hishadow@netcabo.pt> To: freebsd-questions@freebsd.org Subject: Re: ipmon writes to security.* in 5.3 Message-ID: <ctitr9$8lp$1@sea.gmane.org> In-Reply-To: <ctgn1c$6e7$1@sea.gmane.org> References: <ctgn1c$6e7$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Kraft wrote: > I have a 5.3-STABLE machine with ipfilter built into the kernel. When > running ipmon logging to syslog, the information is being dumped to the > security.* service instead of the local0.* service like the handbook > says it should. > OK I'm feeling a stupid, only a little though...because the info in the handbook doesn't match the reality (given in the manpage) WRT the "facility" name used by ipmon. The handbook (http://www4.pt.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html) says: 24.5.7 IPMON Logging Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 as the ``facility'' name. All IPMON logged data goes to local0. The following levels can be used to further segregate the logged data if desired: The ipmon(8) manpage says: -s Packet information read in will be sent through syslogd rather than saved to a file. The default facility when compiled and installed is security. The following levels are used: ------------------------- So now I have two more questions. First, what is the best way to go about getting this fixed so noone else makes the same mistake I did? A simple post somewhere explaining what's incorrect, or do I need to create a diff and upload it somewhere? Second, what else uses the security syslog facility? Is my security log going to have other things than just my firewall logs that I will now have to go digging for? Thanks, Joe.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ctitr9$8lp$1>