From: Joe Kraft
To: freebsd-questions@freebsd.org
Date: Sun, 30 Jan 2005 15:18:32 +0000
Subject: Re: ipmon writes to security.* in 5.3

Joe Kraft wrote:
> I have a 5.3-STABLE machine with ipfilter built into the kernel. When
> running ipmon logging to syslog, the information is being dumped to the
> security.* service instead of the local0.* service like the handbook
> says it should.
>

OK I'm feeling stupid, only a little though... because the info in the
handbook doesn't match the reality (given in the manpage) WRT the
"facility" name used by ipmon.

The handbook
(http://www4.pt.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html)
says:

  24.5.7 IPMON Logging

  Syslogd uses its own special method for segregation of log data. It
  uses special groupings called ``facility'' and ``level''. IPMON in -Ds
  mode uses local0 as the ``facility'' name. All IPMON logged data goes
  to local0. The following levels can be used to further segregate the
  logged data if desired:

The ipmon(8) manpage says:

  -s    Packet information read in will be sent through syslogd rather
        than saved to a file. The default facility when compiled and
        installed is security. The following levels are used:

-------------------------

So now I have two more questions.

First, what is the best way to go about getting this fixed so no one else
makes the same mistake I did? A simple post somewhere explaining what's
incorrect, or do I need to create a diff and upload it somewhere?

Second, what else uses the security syslog facility? Is my security log
going to have other things than just my firewall logs that I will now
have to go digging for?

Thanks,

Joe.
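
An added example, not part of the original message: a simplified syslog.conf matcher showing why a rule written for local0 (as the handbook text says) never sees ipmon output sent on the security facility (as the manpage says), and how a FreeBSD `!prog` block keeps ipmon lines apart from other users of that facility. It assumes ipmon tags its messages as `ipmon`; the sample rules, paths, the `warning` level and the `otherd` program name are constructed, and only plain `facility.level` selectors are handled.

```python
# Added example: simplified syslog.conf matching, not syslogd's real parser.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, level):
    """Evaluate 'fac.lvl[;fac.lvl]'; the last part naming the facility wins."""
    matched = False
    for part in selector.split(";"):
        facs, _, lvl = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if lvl == "*":
            matched = True
        elif lvl in LEVELS:  # a plain level means "this severity or worse"
            matched = LEVELS.index(level) <= LEVELS.index(lvl)
        else:                # 'none' (or anything unsupported here) excludes
            matched = False
    return matched

def destinations(conf_text, program, facility, level):
    """List the actions that would receive one message from `program`."""
    active_prog, out = "*", []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):      # FreeBSD program block; '!*' resets it
            active_prog = line[1:].strip()
            continue
        selector, action = line.split(None, 1)
        if active_prog in ("*", program) and selector_matches(selector, facility, level):
            out.append(action)
    return out

# Constructed sample configs (paths are illustrative).
HANDBOOK_RULE = """
local0.*      /var/log/ipfilter.log
security.*    /var/log/security
"""
PROGRAM_BLOCK = """
!ipmon
security.*    /var/log/ipfilter.log
!*
security.*    /var/log/security
"""

if __name__ == "__main__":
    for name, conf in (("handbook", HANDBOOK_RULE), ("program block", PROGRAM_BLOCK)):
        print(name, destinations(conf, "ipmon", "security", "warning"))
```
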