From: Louis LeBlanc
To: freebsd-questions@FreeBSD.ORG
Date: Mon, 29 Oct 2001 13:01:40 -0500
Subject: Re: Firewall Logging
Message-ID: <20011029130139.B20972@keyslapper.org>

On 10/29/01 09:51 AM, Ben Witkowski sat at the `puter and typed:
> i've enabled logging in rc.firewall and it's enabled in the kernel.
> but i don't see any logging activity in /var/log/security ?
> do i need to add ipfw rules to further enable logging?
> or are the logs kept in another location?

That depends on a couple things. Typically, only certain rules result
in logging, and only if they are of the following form:

    ${fwcmd} add pass log tcp from any to any 22 in via ${oif} setup

Where $fwcmd is typically '/sbin/ipfw', possibly including flags, and
$oif is your external interface (assuming that is the one you want to
log traffic from).

The key is the log command, and it can also be in the form
'logamount 10' if you want to limit logging to 10 packets.

It's pretty well laid out in 'man ipfw', and should be easier to find
now that you have an idea what to look for.

HTH
Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Infancy, n.:
    The period of our lives when, according to Wordsworth, "Heaven
    lies about us." The world begins lying about us pretty soon
    afterward.
        -- Ambrose Bierce
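
Added example (not part of Lou's message and not FreeBSD's own code): an sh script that reads `ipfw list` output, reports which rules carry the log keyword and their logamount, and flags the case where the net.inet.ip.fw.verbose sysctl is 0. The sample ruleset and the fxp0 interface name are constructed for illustration; the sysctl value is assumed to be passed in by the caller.

```sh
#!/bin/sh
# Added example: check an `ipfw list` ruleset for rules that can log.

# Constructed sample in `ipfw list` format (fxp0 is a hypothetical interface).
sample_rules() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00400 allow log tcp from any to any 22 in via fxp0 setup
00500 deny log logamount 10 tcp from any to any 23 in via fxp0
65535 deny ip from any to any
EOF
}

# stdin: `ipfw list` text. Prints "<rule> <limit>" for each rule with the
# log keyword; limit is the logamount value, or "default" when none is set.
logging_rules() {
    awk '{
        for (i = 2; i <= NF && $i != "from"; i++)
            if ($i == "log") {
                limit = "default"
                if ($(i + 1) == "logamount") limit = $(i + 2)
                print $1, limit
                break
            }
    }'
}

# $1: value of sysctl net.inet.ip.fw.verbose; stdin: `ipfw list` text.
# Returns 0 if packets can be logged, 1 if no rule logs, 2 if verbose is off.
diagnose() {
    hits=$(logging_rules)
    if [ -z "$hits" ]; then
        echo "no rule carries the log keyword"
        return 1
    fi
    if [ "$1" = "0" ]; then
        echo "rules request logging, but net.inet.ip.fw.verbose=0"
        return 2
    fi
    echo "$hits"
}

# On a live FreeBSD host:
#   ipfw list | diagnose "$(sysctl -n net.inet.ip.fw.verbose)"
sample_rules | diagnose 1
```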