On Mon, Jan 13, 2003 at 05:23:52PM -0500, JoeB wrote:
From: "JoeB" <[EMAIL PROTECTED]>
To: "Wayne Pascoe" <[EMAIL PROTECTED]>
Cc: "FBSDQ" <[EMAIL PROTECTED]>
Subject: RE: ipfilter/ipmon log msgs
Date: Mon, 13 Jan 2003 17:23:52 -0500

Did ipf -V and the which command on both ipf & ipmon and they are
both in same directory.
The only thing that looks questionable is ipf -V says  log flags:  0
= none set.
This means that you haven't enabled default logging of packets.
(man 8 ipf & search for -l option)

And now to your original question:
The author of the ipmon man page, when he says that day, month and
year are removed from messages, means that they are removed from
messages that are taken from /dev/ipl, not that they aren't logged
in log files. What you see in your log files from the beginning of the
line to the colon character is appended from syslog and it's the day,
month and time of sending messages to the system logger. We have two
distinct events:

1. The date and time when packets are blocked or passed, the time
when they are logged to /dev/ipl (what is actually removed, without
time it's always logged)
2. The date and time when ipmon logs messages (the time when ipmon
reads /dev/ipl and logs via syslog or writes to console)
Between these two events we have some time interval, so you must
not mix them up.

Does this mean   ipfilter_flags=""   or  ipmon_flags="-Ds"

What is this talking about??

In rc.conf I have

ipfilter_enable="YES"
ipfilter_flags=""
ipnat_enable="YES"
ipmon_enable="YES"
ipmon_flags="-Ds"

Is there an ipfilter web site that I can check  man info page on
ipmon to see if it has newer information than what FBSD has in its
man ipmon which would mean that the new man info was not updated
into the new FBSD release of ipfilter which happened in FBSD 4.7


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Wayne Pascoe
Sent: Monday, January 13, 2003 4:35 PM
To: [EMAIL PROTECTED]
Cc: FBSDQ
Subject: Re: ipfilter/ipmon log msgs

"JoeB" <[EMAIL PROTECTED]> writes:

Man ipmon says that when option -s is selected to send ipfilter
log messages to syslogd the day, month, year prefix is removed
from the message before posting to syslogd.  This does not happen.
Firstly, ensure you're starting ipmon with the -Ds flags. This will
put it in daemon mode and log through syslogd.

I've had a problem with logfile formats in the past and this was
because I was not running the correct version of ipmon.

do
sudo ipf -V

Check the version. Then do which ipf

Then check to see that the ipmon that is running is in the same
directory.

Otherwise, post a sample log line...

Regards,

--
- Wayne Pascoe
   You know, it's simply not true that wars never
   settle anything - James Burnham


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message


--
Regards,
Dancho Penev
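
The two timestamps discussed in this thread can be pulled apart when reviewing firewall logs. The following is an added example, not code from any poster or from the ipfilter project: the sample lines are constructed, and their layout (syslogd prefix, then ipmon's own time of day with no date) is an assumption based on what "ipmon -Ds" normally writes. Because the packet time carries no date, a packet seen just before midnight and logged just after must be moved back one day.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (hosts, addresses and rule numbers are made up).
SAMPLE = [
    "Jan 13 17:20:03 gw ipmon[212]: 17:20:01.482911 fxp0 @0:12 b "
    "192.0.2.7,4021 -> 198.51.100.9,25 PR tcp len 20 48 -S IN",
    "Jan 14 00:00:02 gw ipmon[212]: 23:59:58.900120 fxp0 @0:12 b "
    "192.0.2.7,4022 -> 198.51.100.9,25 PR tcp len 20 48 -S IN",
]

# Everything before "ipmon[pid]:" is written by syslogd; the time after it
# is the time ipfilter recorded the packet in /dev/ipl.
LINE = re.compile(
    r"^(?P<syslog>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"ipmon\[\d+\]: (?P<pkt>\d{2}:\d{2}:\d{2})\.(?P<usec>\d{6}) (?P<rest>.*)$"
)


def split_times(line, year):
    """Return (syslog_time, packet_time, rest), or None for non-ipmon lines.

    syslog lines carry no year, so the caller supplies it.
    """
    m = LINE.match(line)
    if m is None:
        return None
    logged = datetime.strptime(f"{year} {m['syslog']}", "%Y %b %d %H:%M:%S")
    h, mi, s = (int(x) for x in m["pkt"].split(":"))
    packet = logged.replace(hour=h, minute=mi, second=s,
                            microsecond=int(m["usec"]))
    # syslog has one-second resolution, so allow a second of slack before
    # deciding the packet time belongs to the previous day.
    if packet > logged + timedelta(seconds=1):
        packet -= timedelta(days=1)
    return logged, packet, m["rest"]


def lag_seconds(line, year):
    """Seconds between the packet event and ipmon handing it to syslog."""
    parsed = split_times(line, year)
    return None if parsed is None else (parsed[0] - parsed[1]).total_seconds()


if __name__ == "__main__":
    for entry in SAMPLE:
        print(split_times(entry, 2003)[1], lag_seconds(entry, 2003))
```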
