From owner-freebsd-questions@FreeBSD.ORG Sat Jan 29 19:09:40 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63BA516A4CE for ; Sat, 29 Jan 2005 19:09:40 +0000 (GMT) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 82FF243D2F for ; Sat, 29 Jan 2005 19:09:39 +0000 (GMT) (envelope-from freebsd-questions@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1CuxyS-0001EJ-Qa for freebsd-questions@freebsd.org; Sat, 29 Jan 2005 20:09:36 +0100 Received: from a213-22-220-231.netcabo.pt ([213.22.220.231]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 29 Jan 2005 20:09:36 +0100 Received: from hishadow by a213-22-220-231.netcabo.pt with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 29 Jan 2005 20:09:36 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Joe Kraft Date: Sat, 29 Jan 2005 19:09:49 +0000 Lines: 22 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: a213-22-220-231.netcabo.pt User-Agent: Mozilla Thunderbird 1.0 (X11/20050101) X-Accept-Language: en-us, en Sender: news X-Gmane-MailScanner: Found to be clean, Found to be clean X-MailScanner-From: freebsd-questions@m.gmane.org Subject: ipmon writes to security.* in 5.3 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Jan 2005 19:09:40 -0000 I have a 5.3-STABLE machine with ipfilter built into the kernel. When running ipmon logging to syslog, the information is being dumped to the security.* service instead of the local0.* service like the handbook says it should. I've taken a quick look at the code and it appears it should be going to local0.* like expected and like it did for me on 4.10, but it's not. I see the following in UPDATE: 20041003: The pfil API has gained an additional argument to pass an inpcb. You should rebuild all pfil consuming modules: ipfw, ipfilter and pf. but I don't think that should affect me since I installed 5.3-RELEASE and have rebuilt to the current (two weeks ago) 5.3-STABLE. Does anyone have any recommendations? Pointers to blatantly obvious documentation are perfectly acceptable, if warranted. Thanks, Joe.