On Wed, Dec 03, 2003 at 03:03:03PM -0500, Damian Gerow wrote:
> > in rc.conf:
> >
> > ipmon_flags=-sD
> >
> > in syslog.conf:
> > local0.* /var/log/ipfilter
>
> In 5.x, ipmon sends to security, not local0. Last I checked (5.1-R), there
> was no way to change this. I submitted a post to -current, but nobody ever
> responded.
>
> I *really* like having my ipf logfiles filtered off into their own logfile.
> I don't like being forced to send everything of the same facility.severity
> to the same logfile.

Actually, you can set up something similar in 5.X. I do the following in 5.1
(and have used this method in 4.X as well):

IPF rules:

block in log level local3.info quick from any to any head 01
block out log level local4.info quick from any to any head 02

syslog:

# This takes only syslog messages that come from the ipmon program. The '='
# ensures that only the specified level is sent to each log file.
!ipmon
local3.=info /var/log/ipf/in.log
local4.=info /var/log/ipf/out.log

newsyslog:

/var/log/ipf/in.log 0640 20 100 * Z
/var/log/ipf/out.log 0640 20 100 * Z

Paul
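
Added example, not part of the original message: a simplified Python model of how syslogd applies the "!ipmon" program block and the "=info" selectors from the syslog fragment above. It is an assumption-level sketch that handles only "!program" lines and single "facility.[=]level" selectors with named levels; the sample messages are constructed.

```python
# Simplified model of FreeBSD syslog.conf matching (added example; handles only
# "!program" blocks and single "facility.[=]level" selectors with named levels).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The syslog.conf fragment from the message above.
CONF = """\
# This takes only syslog messages that come from the ipmon program.
!ipmon
local3.=info /var/log/ipf/in.log
local4.=info /var/log/ipf/out.log
"""

def parse(conf):
    """Return a list of (program, facility, exact, level, path) rules."""
    rules, program = [], "*"
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("!"):
            program = line[1:].strip() or "*"   # "!*" resets the program filter
        elif line and not line.startswith("#"):
            selector, path = line.split(None, 1)
            facility, level = selector.split(".", 1)
            exact = level.startswith("=")
            rules.append((program, facility, exact, level.lstrip("="), path))
    return rules

def route(rules, program, facility, level):
    """Return the log files one message would be written to."""
    sev = LEVELS.index(level)
    hits = []
    for prog, fac, exact, lvl, path in rules:
        if prog not in ("*", program) or fac not in ("*", facility):
            continue
        want = LEVELS.index(lvl)
        # "=info" matches info only; plain "info" matches info and more severe.
        if sev == want or (not exact and sev < want):
            hits.append(path)
    return hits

if __name__ == "__main__":
    rules = parse(CONF)
    # Constructed messages: (program, facility, level)
    for msg in [("ipmon", "local3", "info"), ("ipmon", "local4", "info"),
                ("ipmon", "local3", "err"), ("sshd", "local3", "info")]:
        print(msg, "->", route(rules, *msg))
```

A message from another program on local3, or an ipmon message at a level other than info, matches neither rule and so stays out of both files.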
