I have ipfilter set up and running fine, but I have been finding that my
security logs show up in both my security and messages log files. ipmon is
running with the command "ipmon -oI -s -D" and my syslog.conf file has the
following relevant configuration.
..
local0.* /var/log/security
security.* /var/log/security
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
..
I am only logging blocked and short packets, which according to "man ipmon"
should do the following.
..
-s Packet information read in will be sent through
syslogd rather than saved to a file. The default
facility when compiled and installed is local0.
The following levels are used:
LOG_INFO - packets logged using the "log" keyword
as the action rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which
can be considered "short".
..
There is nothing in my syslog.conf that is pointing *.warning or *.err to
messages.
Does anyone have any ideas as to why this is happening??
Please Copy me with any replies.
--
Thanks,
Dean E. Weimer
[EMAIL PROTECTED]
http://www.dweimer.org/
________________________________________________________________
This message was sent from dweimer.org using TWIG
- The Web Information Gateway.
- For more information visit http://www.dweimer.org/
- To Report Abuse Contact [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
