From owner-freebsd-questions@FreeBSD.ORG Tue Mar 16 12:25:19 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7678416A4CF for ; Tue, 16 Mar 2004 12:25:19 -0800 (PST) Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5EAB43D3F for ; Tue, 16 Mar 2004 12:25:18 -0800 (PST) (envelope-from kdk@daleco.biz) Received: from daleco.biz ([69.27.131.0]) by ns1.tiadon.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 16 Mar 2004 14:25:46 -0600 Message-ID: <405762AA.1050808@daleco.biz> Date: Tue, 16 Mar 2004 14:25:14 -0600 From: "Kevin D. Kinsey, DaleCo, S.P." User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040212 X-Accept-Language: en-us, en MIME-Version: 1.0 To: darryl@osborne-ind.com References: <010e01c40b90$76b18c80$0701a8c0@darryl> In-Reply-To: <010e01c40b90$76b18c80$0701a8c0@darryl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 16 Mar 2004 20:25:47.0218 (UTC) FILETIME=[DD7C1B20:01C40B94] cc: freebsd-questions@freebsd.org Subject: Re: /var/log/messages question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2004 20:25:19 -0000 Darryl Hoar wrote: >Greetings, >I have a 4.4-stable box configured as my firewall >running IPFilter and doing nat and routing to >the internet. > >I keep getting: > >Mar 16 13:10:09 darryl /kernel: arplookup 10.2.2.2 failed: host is not on >local network > >in my /var/log/messages file. It is coming from my DSL facing interface. I >used ethereal >to capture packets and determine the MAC address. Turns out to be a "vendor >testpoint" >on some OSI gear the ISP is using. They cannot correct this problem. > >ARP comes way before IPFilter, therefore I do not believe it can be >filtered. > >Is there anything I can do to prevent these warnings/errors from clogging up >my >log files ? > >thanks, >Darryl > > > I think you could change /etc/syslog.conf and -HUP the syslog daemon. However, I can't tell you what level of message that is; and therefore can't tell you exactly what to change in that file. I imagine that its "kern.debug" ... but I'm not sure. Not to mention, losing "kern.debug" might take away something you'll need next time you have a problem. I guess you could experiment, if you're not too afraid of losing other log messages; or you could script something to strip that line and run it via cron.... Kevin Kinsey DaleCo, S.P.