Date: Sat, 14 Dec 2002 17:58:53 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Erwan Breton <breton@cri.ensmp.fr>
Cc: freebsd-security@freebsd.org
Subject: Re: Kernel log messages
Message-ID: <20021214155853.GA405@straylight.oblivion.bg>
In-Reply-To: <200212141214.42931.breton@cri.ensmp.fr>
References: <200212141214.42931.breton@cri.ensmp.fr>

On Sat, Dec 14, 2002 at 12:14:42PM +0100, Erwan Breton wrote:
> Hi,
>
> Since I have activated the firewall on my box, I have many kernel log
> messages in my security check output every night. The problem is, I don't see
> interesting messages like bad login anymore.
>
> athena kernel log messages:
[snip ipfw log messages]
>
> main# uname -a
> FreeBSD 4.7-STABLE #10: Thu Nov 28 19:00:13 CET 2002
> I just activated the firewall (I think :o) )
>
> If u need more conf (like syslog.conf) tell it.
>
> Thanks for ideas and answers.

What exactly is the problem: that those messages are hiding the rest
of the information in your logfiles?

You can easily turn ipfw logging off: it is currently logging verbosely
because of one of two reasons - either you have an
'option IPFIREWALL_VERBOSE' in your kernel config file, or you have
'firewall_logging="yes"' in your /etc/rc.conf file.

To turn ipfw logging off, either remove the firewall_logging="yes" line
from /etc/rc.conf, or add a net.inet.ip.fw.verbose=0 line to
/etc/sysctl.conf. Both of these will take effect upon your next reboot,
when the startup scripts reread the configuration; if you want to turn
off the verbose ipfw logging right now, issue the following command:

  sysctl net.inet.ip.fw.verbose=0

Of course, neither of these will help if you have explicitly requested
logging in one of your firewall rules: examine your firewall
configuration and see if any of the rules has the 'log' keyword.

All this said, there is another option for having your cake and eating
it, too: instructing syslog.conf to send ipfw log messages to another
location. According to the ipfw manual page, the 'log' keyword causes
ipfw to send kernel.security syslog messages; you could redirect those
to a separate file, so that they do not interfere with your normal
logging.

Hope this helps :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
Thit sentence is not self-referential because "thit" is not a word.
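
An added example, not part of the original message: a small sh script that checks the configuration sources the reply names (firewall_logging in rc.conf, net.inet.ip.fw.verbose in sysctl.conf, and rules carrying the 'log' keyword). The function names, the saved `ipfw list` output file and the sample file contents are assumptions constructed for illustration, and the script does not inspect the kernel configuration file.

```sh
#!/bin/sh
# Added example: report which ipfw logging sources named in the reply are set.
# File paths are arguments, so the checks can be run on copies of the files.

# Print "yes" if the last firewall_logging assignment in an rc.conf is yes.
rc_logging_enabled() {
    val=$(sed -n 's/#.*$//; s/^[[:space:]]*firewall_logging=//p' "$1" |
          tail -n 1 | tr -d "\"' \t" | tr '[:upper:]' '[:lower:]')
    [ "$val" = "yes" ] && echo yes || echo no
}

# Print the value a sysctl.conf gives net.inet.ip.fw.verbose, or "unset".
sysctl_conf_verbose() {
    val=$(sed -n 's/#.*$//; s/^[[:space:]]*net\.inet\.ip\.fw\.verbose[[:space:]]*=//p' "$1" |
          tail -n 1 | tr -d ' \t')
    echo "${val:-unset}"
}

# Print the rules in saved `ipfw list` output that carry the 'log' keyword.
rules_with_log() {
    grep -E '(^|[[:space:]])log([[:space:]]|$)' "$1" || true
}

# Print a one-line summary: audit RC_CONF SYSCTL_CONF RULES_LISTING
audit() {
    n=$(rules_with_log "$3" | grep -c . || true)
    echo "rc.conf=$(rc_logging_enabled "$1") sysctl.conf=$(sysctl_conf_verbose "$2") log_rules=$n"
}

# Constructed sample inputs (not taken from the original message).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'firewall_enable="YES"\nfirewall_logging="YES"  # verbose\n' > "$demo/rc.conf"
printf '# nothing about ipfw here\nnet.inet.tcp.blackhole=2\n' > "$demo/sysctl.conf"
cat > "$demo/rules" <<'EOF'
00100 allow ip from any to any via lo0
00200 deny log tcp from any to any 23
65535 deny ip from any to any
EOF
audit "$demo/rc.conf" "$demo/sysctl.conf" "$demo/rules"
```

On a live system, `sysctl net.inet.ip.fw.verbose` shows the value currently in effect, whichever source set it.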