From: Mike Tancsa
Date: Sun, 24 Oct 1999 19:59:06 -0400
To: "Mr Magoo"
Subject: RE: kernel patch to detect port scan, without turning on ports...

At 07:48 PM 10/24/99 , Mr Magoo wrote:
>How would you go about making these messages go into a syslogd file? I've
>never really understood how to put things into a log file with it.
> BTW- can you do that same thing for ICMP's?

Add the line

    kern.*          /var/log/kern

to /etc/syslog.conf (then

    kill -1 `cat /var/run/syslog.pid`

to signal syslogd to reread its config file)

To log all icmp traffic, one way to do it is via ipfw

e.g.

    ipfw add 500 allow log icmp from any to any

or

    ipfw add 500 allow log icmp from any to any icmptype 0,8

for just pings. It too will get logged via syslog to kern.

        ---Mike
**********************************************************************
Mike Tancsa, Network Admin        *  mike@sentex.net
Sentex Communications Corp,       *  http://www.sentex.net/mike
Cambridge, Ontario                *  01.519.651.3400
Canada                            *