On Dec 5, 2008, at 7:07 AM, Dean Weimer wrote:
I was just setting up ipfilter and ipmon on a FreeBSD 7 server, and
noticed that the ipmon and syslog information under the ipfilter
section of the handbook is incorrect.
A couple of years back, I submitted a one liner to some email
address of a documentation maintainer. I just looked on the
site and couldn't find this address. Instead, it said if you have
a change, it suggested putting in a PR. It sounds like you
should create a diff of the current wording and your recommended
change.
Here is where I was looking:
http://www.freebsd.org/docproj/submitting.html
The section reads:
-----snip-----
31.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It
uses special groupings called "facility" and "level". IPMON in -Ds
mode uses security as the "facility" name. All IPMON logged data
goes to security. The following levels can be used to further
segregate the logged data if desired:
LOG_INFO - packets logged using the "log" keyword as the action
rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be
considered short
To setup IPFILTER to log all data to /var/log/ipfilter.log, you
will need to create the file. The following command will do that:
# touch /var/log/ipfilter.log
The syslog function is controlled by definition statements in the
/etc/syslog.conf file. The syslog.conf file offers considerable
flexibility in how syslog will deal with system messages issued by
software applications like IPF.
Add the following statement to /etc/syslog.conf:
security.* /var/log/ipfilter.log
The security.* means to write all the logged messages to the coded
file location.
To activate the changes to /etc/syslog.conf you can reboot or bump
the syslog task into re-reading /etc/syslog.conf by running
/etc/rc.d/syslogd reload
Do not forget to change /etc/newsyslog.conf to rotate the new log
you just created above.
-----snip-----
In trying to configure this I found that ipmon -Dsa doesn't log to
security, but logs to local0 instead. Reading the man page for
ipmon does in fact state this. However it also lists the -L option
as being able to change this default behavior, I tried ipmon -DSa
-L security, it accepts this, but doesn't actually change the
logging to use security. It still only outputs to the syslog using
local0, I also tried using ipmon -DSa -L local7 as well, still
outputs to local0. It was easy enough to modify my syslog.conf to
output the local0.* as well as security.* to the /var/log/security
file. However it would be greatly appreciated if someone that
actually understands what's going on here could get this info
updated. It would have saved me some time, as well as I am sure
some other people in the future. Of course it's always possible I
am missing something simple here that is causing this discrepancy,
please do inform me if I did. It's probably worth mentioning that
I am starting ipmon using the rc.conf file with ipmon_enable="YES"
and ipmon_flags="-DSa", just in case the /etc/rc.d/ipmon script
actually changes the default behavior of ipmon in some way, though
I didn't see anything in it that should. And ps wwaux | grep ipmon
does display the process running with the flags exactly as stated
on the ipmon_flags line of the /etc/rc.conf file.
Thanks,
Dean Weimer
Network Administrator
Orscheln Management Co
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-
[EMAIL PROTECTED]"