From owner-freebsd-questions@FreeBSD.ORG Fri Jan 28 21:29:15 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4D76616A4CE for ; Fri, 28 Jan 2005 21:29:15 +0000 (GMT) Received: from main.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5C33F43D39 for ; Fri, 28 Jan 2005 21:29:14 +0000 (GMT) (envelope-from freebsd-questions@m.gmane.org) Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1Cudg0-0006Nr-00 for ; Fri, 28 Jan 2005 22:29:12 +0100 Received: from a213-22-220-231.netcabo.pt ([213.22.220.231]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 28 Jan 2005 22:29:12 +0100 Received: from hishadow by a213-22-220-231.netcabo.pt with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 28 Jan 2005 22:29:12 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Joe Kraft Date: Fri, 28 Jan 2005 21:29:16 +0000 Lines: 48 Message-ID: References: <41ABDAB6.5030906@comcast.net> <7cbadc870412010237464b55f5@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: a213-22-220-231.netcabo.pt User-Agent: Mozilla Thunderbird 1.0 (X11/20050101) X-Accept-Language: en-us, en In-Reply-To: <7cbadc870412010237464b55f5@mail.gmail.com> Sender: news Subject: Re: Problems logging w/ IPF on FreeBSD 5.3-STABLE X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jan 2005 21:29:15 -0000 Nelis Lamprecht wrote: > On Mon, 29 Nov 2004 18:28:06 -0800, FMorales wrote: > > >>bash-2.05b$ cat /etc/rc.conf | grep "ip" >>ipfilter_enable="YES" >>ipfilter_rules="/etc/ipf.rules" >>ipmon_enable="YES" >>ipmon_flags="-Ds" >> > > > change the above to read something along the lines of: > > ipmon_flags="-Dn /var/log/ipfilter.log" > > remove the "s" in other words and put in the path to your log file to > output the data. > I have the same problem with my logs in 5.3, but I would like them to run through syslogd because I would like them written to another machine also. The same syslog.conf worked find on 4.10. The following /etc/syslog.conf results in firewall logs going to messages and security but not firewall.log and not remotely to kara. local0.* /var/log/firewall.log *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;authpriv.none;kern.debug;local0.none;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info /var/log/lpd-errs ftp.info /var/log/xferlog cron.* /var/log/cron *.=debug /var/log/debug.log *.emerg * local0.* @kara If I give the command 'logger -p local0.notice "where does this go" ' the log goes to the local and remote machines. What am I missing? Did ipmon start forwarding to a different service? Joe.