I was just setting up ipfilter and ipmon on a FreeBSD 7 server, and noticed 
that the ipmon and syslog information under the ipfilter section of the 
handbook is incorrect.

The section reads:
-----snip-----
31.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses 
special groupings called "facility" and "level". IPMON in -Ds mode uses 
security as the "facility" name. All IPMON logged data goes to security The 
following levels can be used to further segregate the logged data if desired:
LOG_INFO - packets logged using the "log" keyword as the action rather than 
pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be considered short
To setup IPFILTER to log all data to /var/log/ipfilter.log, you will need to 
create the file. The following command will do that:
# touch /var/log/ipfilter.log
The syslog function is controlled by definition statements in the 
/etc/syslog.conf file. The syslog.conf file offers considerable flexibility in 
how syslog will deal with system messages issued by software applications like 
IPF.
Add the following statement to /etc/syslog.conf:
security.* /var/log/ipfilter.log
The security.* means to write all the logged messages to the coded file 
location.
To activate the changes to /etc/syslog.conf you can reboot or bump the syslog 
task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload
Do not forget to change /etc/newsyslog.conf to rotate the new log you just 
created above.
-----snip-----

In trying to configure this I found that ipmon -Dsa doesn't log to security, 
but logs to local0 instead.  Reading the man page for ipmon does in fact state 
this.  However it also list the -L option as being able to change this default 
behavior, I tried ipmon -DSa -L security, it excepts this, but doesn't actually 
change the logging to use security.  It still only outputs to the syslog using 
local0, I also tried using ipmon -DSa -L local7 as well, still outputs to 
local0.  It was easy enough to modify my syslog.conf to output the local0.* as 
well as security.* to the /var/log/security file.  However it would be greatly 
appreciated if someone that actually understands what's going on here could get 
this info updated.  It would have saved me some time, as well as I am sure some 
other people in the future.  Of course it's always possible I am missing 
something simple here that is causing this discrepancy, please do inform me if 
I did.  It's probably worth mentioning that I am starting ipmon using the 
rc.conf file with ipmon_enable="YES" and ipmon_flags="-DSa", just in case the 
/etc/rc.d/ipmon script actually changes the default behavior of ipmon in some 
way, though I didn't see anything in it that should.  And ps wwaux | grep ipmon 
does display the process running with the flags exactly as stated on the 
ipmon_flags line of the /etc/rc.conf file.

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to