From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 26 17:00:38 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1751D16A4D3
	for <questions@FreeBSD.ORG>; Mon, 26 Apr 2004 17:00:38 -0700 (PDT)
Received: from smtp-out2.blueyonder.co.uk (smtp-out2.blueyonder.co.uk
	[195.188.213.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0538F43D1F
	for <questions@FreeBSD.ORG>; Mon, 26 Apr 2004 17:00:16 -0700 (PDT)
	(envelope-from jfm@blueyonder.co.uk)
Received: from lexx ([82.37.145.193]) by smtp-out2.blueyonder.co.uk with
	Microsoft SMTPSVC(5.0.2195.5600);	 Tue, 27 Apr 2004 01:00:15 +0100
From: John Murphy <jfm@blueyonder.co.uk>
To: questions@FreeBSD.ORG
Date: Tue, 27 Apr 2004 01:00:13 +0100
Message-ID: <b75r80d3visorpqfkpl8f6h0u2megdd2gl@4ax.com>
X-Mailer: Forte Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 27 Apr 2004 00:00:15.0813 (UTC)
	FILETIME=[9EB39F50:01C42BEA]
Subject: ipf not loging (5.2.1)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: jfm@blueyonder.co.uk
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2004 00:00:38 -0000

I'm stumped.  Can't seem to get ipf/ipmon to log to /var/log/ipflog
(FreeBSD 5.2.1-Release)

In /etc/rc.conf I have:
ipfilter_enable=3D"YES"
ipfilter_program=3D"/sbin/ipf"
ipfilter_rules=3D"/etc/ipf.rules"
ipfilter_flags=3D""

ipnat_enable=3D"YES"
ipnat_program=3D"/sbin/ipnat"
ipnat_rules=3D"/etc/ipnat.rules"
ipnat_flags=3D""

ipmon_enable=3D"YES"
ipmon_program=3D"/sbin/ipmon"
ipmon_flags=3D"-D /var/log/ipflog"

The end of dmesg says:
IP Filter: v3.4.31 initialized.  Default =3D pass all, Logging =3D =
enabled

I've touched and chmoded /var/log/ipflog so it looks like:
-rw-rw-rw-  1 root  wheel  0 Apr 26 23:23 /var/log/ipflog

And I've used trafshow to see packets which should be logged but
/var/log/ipflog remains empty.  Any hints welcome.

--=20
John.