From: Anton Shterenlikht
To: freebsd-doc@freebsd.org
Date: Wed, 27 Feb 2008 10:37:47 +0000
Subject: error in the FBSD handbook sec 28.5.7 IPMON Logging
Message-ID: <20080227103747.GA61872@mech-aslap33.men.bris.ac.uk>

Hello

The handbook seems to be wrong in section 28.5.7 IPMON Logging:

"Add the following statement to /etc/syslog.conf:

    security.* /var/log/ipfilter.log

The security.* means to write all the logged messages to the coded file"

It appears that instead of "security" one must use "local0". According to the IPF FAQ:

http://www.phildev.net/ipf/IPFipmon.html#ipmon1

Q. I have IPMon logging to syslog, but syslog doesn't log anything, why not?

A. IPF logs as local0 so you'll want something to the effect of:

    local0.debug /var/log/ipf.log

in your syslog.conf. NOTE: There has to be at least one TAB in that line, not just spaces.

I got my ipmon logging working only after I changed "security.*" to "local0.*" in /etc/syslog.conf:

    # grep local0 /etc/syslog.conf
    local0.* /var/log/ipfilter.log
    #

I was also told in the fbsd-questions mailing list (I haven't checked this myself) that:

"The weird thing is the following:

http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ipfilter/tools/ipmon.c?rev=1.4.2.2

    #ifndef LOGFAC
    #define LOGFAC LOG_LOCAL0
    #endif

In the contrib/ipfilter/Makefile it is set to security, but...freebsd builds with src/sbin/ipf/ipmon and there it is indeed LOG_LOCAL0."

The full thread which led to this resolution is here:

http://lists.freebsd.org/pipermail/freebsd-questions/2008-February/169638.html

many thanks
anton

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233
Fax: +44 (0)117 929 4423
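Added example, not part of the original message, the handbook or the IPF FAQ: a small Python check showing why a "security.*" rule never receives messages logged with facility local0, and reporting whether a rule's selector and action are separated by a TAB as the quoted FAQ note requires. It handles only a subset of syslog.conf selector syntax; the function names and the sample configurations are constructed for illustration.

```python
import re

# Severity names in syslog order: lower index = more severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, level):
    """True if a message logged as facility.level is selected.

    Subset of syslog.conf selector syntax: ';'-separated parts,
    ','-separated facilities, '*', 'none', optional '=' (exact level).
    The last part that names the facility decides the outcome.
    """
    msg = LEVELS.index(level)
    hit = False
    for part in selector.split(";"):
        facs, _, lvl = part.strip().rpartition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue  # this part says nothing about our facility
        if lvl == "none":
            hit = False
        elif lvl == "*":
            hit = True
        elif lvl.startswith("="):
            hit = msg == LEVELS.index(lvl[1:])
        else:
            hit = msg <= LEVELS.index(lvl)  # that level or more severe
    return hit

def destinations(conf_text, facility, level):
    """Return (action, separator_has_tab) for each rule selecting the message."""
    found = []
    for line in conf_text.splitlines():
        # Skip comments and '!prog' / '+host' / '-host' block specifiers.
        m = re.match(r"([^\s#!+-]\S*)(\s+)(\S.*)", line)
        if m and selector_matches(m.group(1), facility, level):
            found.append((m.group(3).strip(), "\t" in m.group(2)))
    return found

# Constructed sample configurations (not taken from a real system).
HANDBOOK = "security.*\t/var/log/ipfilter.log\n"
FIXED = "# ipmon logs with facility local0\nlocal0.*\t/var/log/ipfilter.log\n"
SPACES = "local0.debug    /var/log/ipf.log\n"

if __name__ == "__main__":
    for name, conf in [("handbook", HANDBOOK), ("fixed", FIXED), ("spaces", SPACES)]:
        print(name, destinations(conf, "local0", "info"))
```

An empty result for the handbook rule means the local0 messages are not written to that file at all; a False flag marks a rule whose separator contains no TAB.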