I was just setting up ipfilter and ipmon on a FreeBSD 7 server, and noticed that the ipmon and syslog information under the ipfilter section of the handbook is incorrect.
The section reads: -----snip----- 31.5.7 IPMON Logging Syslogd uses its own special method for segregation of log data. It uses special groupings called "facility" and "level". IPMON in -Ds mode uses security as the "facility" name. All IPMON logged data goes to security The following levels can be used to further segregate the logged data if desired: LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block. LOG_NOTICE - packets logged which are also passed LOG_WARNING - packets logged which are also blocked LOG_ERR - packets which have been logged and which can be considered short To setup IPFILTER to log all data to /var/log/ipfilter.log, you will need to create the file. The following command will do that: # touch /var/log/ipfilter.log The syslog function is controlled by definition statements in the /etc/syslog.conf file. The syslog.conf file offers considerable flexibility in how syslog will deal with system messages issued by software applications like IPF. Add the following statement to /etc/syslog.conf: security.* /var/log/ipfilter.log The security.* means to write all the logged messages to the coded file location. To activate the changes to /etc/syslog.conf you can reboot or bump the syslog task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload Do not forget to change /etc/newsyslog.conf to rotate the new log you just created above. -----snip----- In trying to configure this I found that ipmon -Dsa doesn't log to security, but logs to local0 instead. Reading the man page for ipmon does in fact state this. However it also list the -L option as being able to change this default behavior, I tried ipmon -DSa -L security, it excepts this, but doesn't actually change the logging to use security. It still only outputs to the syslog using local0, I also tried using ipmon -DSa -L local7 as well, still outputs to local0. It was easy enough to modify my syslog.conf to output the local0.* as well as security.* to the /var/log/security file. However it would be greatly appreciated if someone that actually understands what's going on here could get this info updated. It would have saved me some time, as well as I am sure some other people in the future. Of course it's always possible I am missing something simple here that is causing this discrepancy, please do inform me if I did. It's probably worth mentioning that I am starting ipmon using the rc.conf file with ipmon_enable="YES" and ipmon_flags="-DSa", just in case the /etc/rc.d/ipmon script actually changes the default behavior of ipmon in some way, though I didn't see anything in it that should. And ps wwaux | grep ipmon does display the process running with the flags exactly as stated on the ipmon_flags line of the /etc/rc.conf file. Thanks, Dean Weimer Network Administrator Orscheln Management Co _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"