Date:      Thu, 08 Dec 2005 12:12:21 +0200
From:      Toomas Aas <toomas.aas@raad.tartu.ee>
To:        questions@freebsd.org
Subject:   ipmon syslog facility in FreeBSD 6.0
Message-ID:  <43980705.5090205@raad.tartu.ee>

Hello!

What syslog facility is ipmon using on FreeBSD 6.0? From the 
documentation I don't see that anything is supposed to be changed from 
5.4, where it was 'security'. So on my freshly-installed FreeBSD 6.0 I 
made modifications to /etc/syslog.conf similar to those that work on 
5.4. Basically I added this as the first uncommented line to 
/etc/syslog.conf

security.*	/var/log/ipfilter

However, nothing is logged to /var/log/ipfilter. I'm using the default 
value for ipmon_flags in /etc/rc.conf and ps output shows that 
'/sbin/ipmon -Ds' is running. At the same time, ipfstat -ih shows an 
increasing number of hits on rules which have the 'log' keyword in them. The 
logfile /var/log/ipfilter exists and is mode 0600, owner root:wheel.

When I enable all.log in syslog.conf, ipmon messages are logged to 
all.log. So it seems like I'm not using the correct facility for 
/var/log/ipfilter. How can I find out what the correct facility is? I 
tried reading the source, but it's beyond my comprehension (except 
contrib/ipfilter/Makefile, which seems to imply that it's still 'security').
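
Added example, not part of the original message: every syslog message carries a `<PRI>` number from which the facility can be read directly (facility = PRI >> 3, severity = PRI & 7), which explains how a line can reach an `*.*` file such as all.log yet miss `security.*`. The sketch assumes the raw messages have already been captured with their PRI prefix intact; the sample lines are constructed and say nothing about what ipmon really emits.

```python
import re

# Facility codes from FreeBSD's <sys/syslog.h>; facility = PRI >> 3.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "ntp", 13: "security", 14: "console",
    **{16 + n: f"local{n}" for n in range(8)},
}
# Severity = PRI & 7; index 0 is the most urgent.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample messages (not real ipmon output).
SAMPLES = [
    "<110>ipmon[412]: constructed sample line A",  # 13*8 + 6
    "<134>ipmon[412]: constructed sample line B",  # 16*8 + 6
]


def decode_pri(raw):
    """Return (facility, severity) for a raw syslog message, or None."""
    m = PRI_RE.match(raw)
    if not m:
        return None
    pri = int(m.group(1))
    facility = FACILITIES.get(pri >> 3)
    if facility is None:  # out-of-range or unassigned facility code
        return None
    return facility, SEVERITIES[pri & 7]


def selector_matches(selector, raw):
    """True if a simple 'facility.level' selector would pick up the message.
    '*' is a wildcard; a named level matches that severity or more urgent,
    which is the default comparison in FreeBSD's syslog.conf."""
    decoded = decode_pri(raw)
    if decoded is None:
        return False
    facility, severity = decoded
    want_fac, want_lvl = selector.split(".", 1)
    if want_fac not in ("*", facility):
        return False
    if want_lvl == "*":
        return True
    if want_lvl not in SEVERITIES:
        return False
    return SEVERITIES.index(severity) <= SEVERITIES.index(want_lvl)
```
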


