Yes - according to the previously mentioned article, I would use ipmon to view the entries written to the logfile, thru e.g: ipmon -o SNI /var/log/ipfilter.log
But since the logfile is empty, ipmon doesn't show anything.

Cheers,
Kai

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Axel Klatt
Sent: Monday, 10 May 2010 09:54
To: [email protected]
Subject: Re: [networking-discuss] logging of ipfilter traffic

You have to use ipmon(1M) to watch the logged data.

Axel

On 5/10/10 9:38 AM, Kai Krebber wrote:
> Hi!
>
> I tried to get a log from ipfilter, so I can see
> -)what has been allowed,
> -)what has been blocked and
> -)how packets have been NATted.
>
> I tried following the instructions, found in
>
> http://www.linuxtopia.org/online_books/opensolaris_2008/SYSADV3/html/faavk.html#gdfwa
>
> But I don't get anything in the log.
>
> What I did:
>
> a) created ipfilter-rules with logging:
> r...@kunde003-wan:/etc/ipf# cat ipf.conf
> # Non-service programs rules
> # Global Default rules
> #pass in proto udp from 10.2.2.2 port != 53 to localhost
> pass in log quick on wan3001 from 213.172.123.138/32 to 213.172.115.4/32
> pass in log quick on wan3001 from 120.0.0.0/24 to 213.172.115.4/32
> block in log quick on wan3001 all
>
> b) created NAT-rules
> r...@kunde003-wan:/etc/ipf# cat ipnat.conf
> map wan3001 120.0.0.0/24 -> 82.100.214.138/32
>
> c) checked that the rules got activated:
> r...@kunde003-wan:/etc/ipf# ipfstat -io
> empty list for ipfilter(out)
> pass in log quick on wan3001 from 213.172.123.138/32 to 213.172.115.4/32
> pass in log quick on wan3001 from 120.0.0.0/24 to 213.172.115.4/32
> block in log quick on wan3001 all
>
> d) checked that the nat-rules got activated:
> r...@kunde003-wan:/etc/ipf# ipnat -l
> List of active MAP/Redirect filters:
> map wan3001 120.0.0.0/24 -> 82.100.214.138/32
>
> List of active sessions:
>
> e) touched /var/log/ipfilter.log:
> r...@kunde003-wan:/etc/ipf# ls -l /var/log/ipfilter.log
> -rw-r--r-- 1 root root 0 May 7 15:01 /var/log/ipfilter.log
>
> f) told syslog to log into /var/log/ipfilter.log:
>
> r...@kunde003-wan:/etc/ipf# grep ipfilter /etc/syslog.conf
> local0.debug /var/log/ipfilter.log
>
> g) restarted system-log:
> r...@kunde003-wan:/etc/ipf# svcs -a | grep system-log
> online 9:30:36 svc:/system/system-log:default
>
> I assume that I have to tell ipfilter to generally log to facility
> local0, but I don't know how?
> Does anybody have an idea what I am missing to activate logging for
> ipfilter?
>
> Thanks,
> Kai
> _______________________________________________
> networking-discuss mailing list
> [email protected]

--
Axel Klatt
[email protected]
Sun Microsystems GmbH
Nagelsweg 55, D-20097 Hamburg
SYSTEMS-TSC-NETWORK GSD
---------------------------------------------------------
Registered office: Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten
Amtsgericht München: HRB 161028
Managing Director: Thomas Schröder
