Date:      Wed, 27 Feb 2008 10:37:47 +0000
From:      Anton Shterenlikht <mexas@bristol.ac.uk>
To:        freebsd-doc@freebsd.org
Subject:   error in the FBSD handbook sec 28.5.7 IPMON Logging
Message-ID:  <20080227103747.GA61872@mech-aslap33.men.bris.ac.uk>

Hello 

The handbook seems to be wrong in section 28.5.7 IPMON Logging:

 	"Add the following statement to /etc/syslog.conf:
 		security.* /var/log/ipfilter.log

 	 The security.* means to write all the logged
 	 messages to the coded file"

It appears that instead of "security" one must use "local0".

According to the IPF FAQ:
 	http://www.phildev.net/ipf/IPFipmon.html#ipmon1

 	Q. I have IPMon logging to syslog, but syslog doesn't
 	   log anything, why not?

 	A. IPF logs as local0 so you'll want something to the effect of:
 	   local0.debug /var/log/ipf.log in your syslog.conf.
 	   NOTE: There has to be at least one TAB in that line, not just spaces.


I got my ipmon logging working only after I changed
"security.*" to "local0.*" in /etc/syslog.conf:

# grep local0 /etc/syslog.conf
local0.*        /var/log/ipfilter.log
#

I was also told in the fbsd-questions mailing list
(I haven't checked this myself) that:

"The weird thing is the following:
http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ipfilter/tools/ipmon.c?rev=1.4.2.2
#ifndef	LOGFAC
#define	LOGFAC	LOG_LOCAL0
#endif

In the contrib/ipfilter/Makefile it is set to security, but...freebsd builds 
with src/sbin/ipf/ipmon and there it is indeed LOG_LOCAL0."

The full thread which led to this resolution is here:
http://lists.freebsd.org/pipermail/freebsd-questions/2008-February/169638.html

many thanks
anton

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233 
Fax: +44 (0)117 929 4423
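
Added example (not part of the original message, nor FreeBSD or IPFilter code): a small sh/awk checker for the mismatch reported above. It lists which syslog.conf rules would receive messages logged at a given facility and flags rules whose fields are separated by spaces only, per the FAQ note quoted in the message. The function name `check_facility` and the OK/NOTAB output format are assumptions made for this example.

```shell
#!/bin/sh
# check_facility FACILITY CONF   (hypothetical helper, added example)
# Prints one line per rule in CONF whose selector covers FACILITY:
#   OK <action>     selector and action are separated by at least one TAB
#   NOTAB <action>  selector matches, but only spaces separate the fields
# Exit status: 0 if at least one OK rule exists, 1 otherwise.
# Simplifications (assumptions): rules inside a "!program" or "+host" block
# are skipped, and priorities are not compared; only "none" is honoured.
# Usage: check_facility local0 /etc/syslog.conf
check_facility() {
    awk -v fac="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comment or blank line
    /^!/    { pscope = ($0 !~ /^!\*[ \t]*$/); next }  # "!*" ends a program block
    /^[+-]/ { hscope = ($0 !~ /^[+-]\*[ \t]*$/); next } # "+*" ends a host block
    pscope || hscope { next }
    {
        if (!match($0, /^[^ \t]+/)) next
        sel = substr($0, 1, RLENGTH); rest = substr($0, RLENGTH + 1)
        if (!match(rest, /^[ \t]+/)) next             # no action field
        sep = substr(rest, 1, RLENGTH); action = substr(rest, RLENGTH + 1)
        hit = 0
        n = split(sel, items, ";")                    # e.g. "*.notice;local0.none"
        for (i = 1; i <= n; i++) {
            dot = index(items[i], ".")
            if (dot == 0) continue
            prio = substr(items[i], dot + 1)
            m = split(substr(items[i], 1, dot - 1), facs, ",")
            for (j = 1; j <= m; j++)
                if (facs[j] == "*" || facs[j] == fac)
                    hit = (prio != "none")            # later items override earlier
        }
        if (!hit) next
        if (index(sep, "\t")) { print "OK " action; ok = 1 }
        else print "NOTAB " action
    }
    END { exit(ok ? 0 : 1) }
    ' "$2"
}
```

Run against a configuration that only has the handbook's `security.*` line, the check for `local0` exits non-zero, which is the silent-logging symptom described in the message.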


