Date: Sat, 14 Dec 2002 17:58:53 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Erwan Breton <breton@cri.ensmp.fr>
Cc: freebsd-security@freebsd.org
Subject: Re: Kernel log messages
Message-ID: <20021214155853.GA405@straylight.oblivion.bg>
In-Reply-To: <200212141214.42931.breton@cri.ensmp.fr>
References: <200212141214.42931.breton@cri.ensmp.fr>
On Sat, Dec 14, 2002 at 12:14:42PM +0100, Erwan Breton wrote:
> Hi,
>
> Since I have activated the firewall on my Box, I have many kernel log
> messages in my security check output every night. The problem is, I don't see
> anymore interesting messages like bad login.
>
> athena kernel log messages:
[snip ipfw log messages]
>
> main# uname -a
> FreeBSD 4.7-STABLE #10: Thu Nov 28 19:00:13 CET 2002
> I just activated the firewall (I think :o) )
>
> If u need more conf (like syslog.conf) tell it.
>
> Thanks for ideas and answers.

What exactly is the problem: that those messages are hiding the rest
of the information in your logfiles?

You can easily turn ipfw logging off: it is currently logging verbosely
because of one of two reasons - either you have an
'option IPFIREWALL_VERBOSE' in your kernel config file, or you have
'firewall_logging="yes"' in your /etc/rc.conf file. To turn ipfw
logging off, either remove the firewall_logging="yes" line from
/etc/rc.conf, or add a net.inet.ip.fw.verbose=0 line to
/etc/sysctl.conf. Both of these will take effect upon your next reboot,
when the startup scripts reread the configuration; if you want to turn
off the verbose ipfw logging right now, issue the following command:

  sysctl net.inet.ip.fw.verbose=0

Of course, neither of these will help if you have explicitly requested
logging in one of your firewall rules: examine your firewall
configuration and see if any of the rules has the 'log' keyword.

All this said, there is another option for having your cake and eating
it, too: instructing syslog.conf to send ipfw log messages to another
location. According to the ipfw manual page, the 'log' keyword causes
ipfw to send kernel.security syslog messages; you could redirect those
to a separate file, so that they do not interfere with your normal
logging.

Hope this helps :)

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net  roam@FreeBSD.org
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Thit sentence is not self-referential because "thit" is not a word.
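
Added example, not part of the message above: a read-only shell check of the three places the reply names as sources of ipfw logging (firewall_logging in rc.conf, net.inet.ip.fw.verbose in sysctl.conf, and rules carrying the 'log' keyword). The function names ipfw_log_sources and write_samples are hypothetical, the rules file is assumed to be saved `ipfw list` output, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original message. Reads files only; changes nothing.
# Usage: ipfw_log_sources RC_CONF SYSCTL_CONF RULES_FILE
# Assumption: RULES_FILE holds saved output of `ipfw list`.
ipfw_log_sources() {
    # rc.conf is sourced as shell, so the last uncommented assignment wins.
    v=$(sed -n 's/^[[:space:]]*firewall_logging=//p' "$1" |
        tail -n 1 | tr -d "\"'" | awk '{ print tolower($1) }')
    if [ "$v" = yes ]; then echo "rc.conf: firewall_logging=yes"; fi

    # Report the boot-time value of the verbose sysctl, if one is set.
    v=$(sed -n 's/^[[:space:]]*net\.inet\.ip\.fw\.verbose[[:space:]]*=[[:space:]]*//p' "$2" |
        tail -n 1 | awk '{ print $1 }')
    if [ -n "$v" ]; then echo "sysctl.conf: net.inet.ip.fw.verbose=$v"; fi

    # Rules that carry the 'log' keyword, which the message says to look for.
    awk '{ for (i = 2; i <= NF; i++)
               if ($i == "log") { print "rule " $1 ": log keyword"; break } }' "$3"
    return 0
}

# Constructed sample files (not taken from any real host).
write_samples() {
    printf '%s\n' 'firewall_enable="YES"' \
        'firewall_logging="YES"  # constructed' > "$1/rc.conf"
    printf '%s\n' '# net.inet.ip.fw.verbose=1' \
        'net.inet.ip.fw.verbose=0' > "$1/sysctl.conf"
    printf '%s\n' '00100 allow ip from any to any via lo0' \
        '00200 deny log tcp from any to any 23 in' \
        '65535 deny ip from any to any' > "$1/rules"
}

# Demo run against the constructed files.
d=$(mktemp -d) && write_samples "$d" &&
    ipfw_log_sources "$d/rc.conf" "$d/sysctl.conf" "$d/rules"
rm -rf "$d"
```

On a real host, pass /etc/rc.conf, /etc/sysctl.conf and a file holding saved `ipfw list` output as the three arguments.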
