Date:      Mon, 29 Oct 2001 13:01:40 -0500
From:      Louis LeBlanc <leblanc+freebsd@keyslapper.org>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Firewall Logging
Message-ID:  <20011029130139.B20972@keyslapper.org>
In-Reply-To: <DBEEJCFFMKHFOCLJLKFBKEJGCAAA.ben@alohagrowers.com>
References:  <DBEEJCFFMKHFOCLJLKFBKEJGCAAA.ben@alohagrowers.com>

On 10/29/01 09:51 AM, Ben Witkowski sat at the `puter and typed:
> I've enabled logging in rc.firewall and it's enabled in the kernel.
> But I don't see any logging activity in /var/log/security?
> Do I need to add ipfw rules to further enable logging?
> Or are the logs kept in another location?

That depends on a couple things.
Typically, only certain rules result in logging, and only if they are
of the following form:
    ${fwcmd} add pass log tcp from any to any 22 in via ${oif} setup
Where $fwcmd is typically '/sbin/ipfw', possibly including flags, and
$oif is your external interface (assuming that is the one you want to
log traffic from).  The key is the log command, and it can also be in
the form 'logamount 10' if you want to limit logging to 10 packets.

It's pretty well laid out in 'man ipfw', and should be easier to find
now that you have an idea what to look for.

HTH
Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     ԿԬ

Infancy, n.:
  The period of our lives when, according to Wordsworth, "Heaven lies
  about us."  The world begins lying about us pretty soon afterward.
    -- Ambrose Bierce
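
Added example, not part of the original message: a small sh/awk audit that reports which rules in a ruleset carry the `log` keyword the reply describes, and their `logamount` if one is set. It assumes rule lines in `ipfw list` style; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Report which ipfw rules would produce log entries.
# Input:  rule lines in `ipfw list` style on stdin (assumed format).
# Output: one line per rule: "<rule number> <LOG|NOLOG> <logamount or ->"

audit_ipfw_log() {
    awk '
    /^[0-9]+[ \t]/ {
        state = "NOLOG"; amount = "-"
        # The log keyword sits between the action and the protocol,
        # so only the tokens before "from" are examined. This avoids
        # false hits on later tokens such as an interface name.
        for (i = 2; i <= NF && $i != "from"; i++) {
            if ($i == "log") {
                state = "LOG"
                if ($(i + 1) == "logamount") amount = $(i + 2)
            }
        }
        print $1, state, amount
    }'
}

# Constructed sample ruleset (not taken from the thread).
sample_rules() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow log tcp from any to any 22 in via fxp0 setup
00300 deny log logamount 10 tcp from any to any 23 in via fxp0
00400 unreach host udp from any to any 137
65535 deny ip from any to any
EOF
}

# Count the rules that can never write to the security log.
count_silent_rules() {
    audit_ipfw_log | grep -c ' NOLOG '
}

sample_rules | audit_ipfw_log
```

On a live system the same function can be fed from `ipfw list`; a ruleset where every line reports NOLOG explains an empty /var/log/security even with kernel logging enabled.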

