On Mon, Sep 20, 2004 at 10:27:22PM -0500, Eric F Crist wrote:

> IPFW used to log all entries with the 'log' included in the rule, but 
> randomly, to me, anyways, stopped doing so.  I can't seem to get it to 
> continue logging.
> Does anyone have any insight?  I'm running FreeBSD 4.10 from about 2 
> months ago.  I'm going to cvsup tonight to see if it helps.  What log 
> files can I check to verify things are working?  Thanks.

Are you just running into the verbose limit on log messages? That's
the setting of the net.inet.ip.fw.verbose_limit sysctl.  That exists
to prevent anyone DOS-ing you by sending so many nasty packets that
the log files fill up your disk.

I find setting this to a fairly high number (1024) and doing a daily
reset of the counters keeps the logging data coming through more or
less smoothly. I put this in /etc/daily.local:

    PATH=/usr/bin:/bin:/sbin ; export PATH
    ipfw resetlog
    # That's All Folks!
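
Added example, not part of the original message: an sh script that scans a log for the kernel's "ipfw: limit N reached on entry R" notices, which mark the point where net.inet.ip.fw.verbose_limit silenced a rule's logging. The function names, the constructed sample lines and the /var/log/security path are assumptions; check /etc/syslog.conf for where security messages go on your system.

```shell
#!/bin/sh
# Added example: find ipfw rules whose 'log' output was cut off by
# net.inet.ip.fw.verbose_limit.
# Assumption: the kernel notice reads "ipfw: limit <N> reached on entry <rule>".

# Print "<rule> <limit>" for every rule that hit the limit in log file $1,
# one line per rule, sorted by rule number.
limit_hit_rules() {
    sed -n 's/.*ipfw: limit \([0-9][0-9]*\) reached on entry \([0-9][0-9]*\).*/\2 \1/p' "$1" |
        sort -n -u
}

# Constructed sample log lines (not taken from a real host).
sample_log() {
    cat <<'EOF'
Sep 20 21:58:02 gw /kernel: ipfw: 1000 Deny TCP 192.0.2.7:4312 198.51.100.1:135 in via fxp0
Sep 20 21:58:03 gw /kernel: ipfw: limit 100 reached on entry 1000
Sep 20 22:10:41 gw /kernel: ipfw: 65000 Deny UDP 192.0.2.9:1026 198.51.100.1:137 in via fxp0
Sep 20 22:14:09 gw /kernel: ipfw: limit 100 reached on entry 65000
Sep 21 09:30:12 gw /kernel: ipfw: limit 100 reached on entry 1000
EOF
}

# Report on log file $1. Returns 1 if any rule has gone quiet, so a cron
# or periodic job can flag it; returns 0 otherwise.
check_log() {
    hits=$(limit_hit_rules "$1")
    if [ -z "$hits" ]; then
        echo "no rule has reached the logging limit"
        return 0
    fi
    echo "$hits" | while read -r rule limit; do
        echo "rule $rule stopped logging after $limit entries; to resume: ipfw resetlog $rule"
    done
    return 1
}

# With a log path as argument (for example /var/log/security), report on it.
if [ "$#" -gt 0 ]; then
    check_log "$1"
fi
```

If a rule shows up here, either raise net.inet.ip.fw.verbose_limit or reset its counter with ipfw resetlog, as described above.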



