Howdy,
I was curious if there was a way to setup logging of *failed* attempts to
login to a PPTP Server hosted on freebsd 7? I can only see successful
logins.
On a similar note is there a way to log successful and failed attempts to
SSH into freebsd?
Thanks for the help!
Alan
Hi,
I use ftpd (base system), logging login, xfer, auth failure. What I
need is to log the IP address of the client, not the hostname.
I looked in ftpd(8) but it seems it's not possible to disable the
reverse resolution.
Any idea?
Thanks in advance
--
Cris, member of G.U.F.I
Italian FreeBSD
2009/7/20 Cristiano Deana cristiano.de...@gmail.com:
Hi,
I use ftpd (base system), logging login, xfer, auth failure. What I
need is to log the IP address of the client, not the hostname.
I looked in ftpd(8) but it seems it's not possible to disable the
reverse resolution.
Any idea
help. I'd like to turn to Skype support for
help, so I tried to turn on logging as described here:
http://lnk.nu/developer.skype.com/ww4
... but the log file is not created, so it's hard to expect any help
from the folks at Skype.
Does anyone know how to turn on logging in this version
OK, it goes like this:
Dell Inspiron 1318, boot -v can be found in here:
http://pastebin.com/f3a1c204a
sysctl -a | grep hw.acpi | sort can be found in here:
http://pastebin.com/fcfc0035
First shot: Try the Livefs CD, myhost# acpiconf -s 3 WORKS !!!
The machine goes into suspend state and
On Thursday 28 May 2009 00:43:56 Gonzalo Nemmi wrote:
Note: I can ssh into the notebook, then su - and issue acpiconf -s
3, but I can't get the notebook to WOL .. so .. I have to press the
power button on the notebook to get it to resume and as a consequence,
those messages are sent to stdout
FreeBSD7-amd64:
I set up /usr/ports/net/isc-dhcp30-server
for static IP addresses (based on the MacAddress)
This works, but I wonder where I can see information of the status?
1. The doc says I should see dhcp log messages (default in /var/log/messages)
but I see nothing about dhcp in
On Thursday 07 May 2009 12:00:10 Pieter Donche wrote:
2. Is there any tool to see what statically assigned IP addresses are handed
out at a given time?
(I also see nothing in /var/db/dhcpd/dhcpd.leases file except comments)
Add omapi-port 7911; to dhcpd.conf.
Then, as follows:
$ omshell
On Monday 15 December 2008 15:09:31 Polytropon wrote:
Hi!
I'm going to setup a system with a dial-up modem for sporadic
Internet access; a provider that charges per second online time
is used. Is there a way ppp (which is used for dialing) can log
the online time (or at least the
Hi!
I'm going to setup a system with a dial-up modem for sporadic
Internet access; a provider that charges per second online time
is used. Is there a way ppp (which is used for dialing) can log
the online time (or at least the connection's start and stop time)
so the costs can be calculated?
I'm going to setup a system with a dial-up modem for sporadic
Internet access; a provider that charges per second online time
is used. Is there a way ppp (which is used for dialing) can log
the online time (or at least the connection's start and stop time)
so the costs can be calculated?
Many thanks for your ideas. I think I'll use #2 and have start
and stop time recorded in epoch format (because it's easy to
get the subtraction result instead of fiddling around with
date's ymdhms parameters).
This is because I'm not very familiar with ppp's logs, and
maybe they provide the
Is there a way to re-configure how syslogd presents the date
in the syslog files?
Presently, the date is usually MMM DD
I would prefer MMDD
however I cannot find anywhere where this is possible.
TIA, Jim
___
freebsd-questions@freebsd.org
fquest wrote:
Is there a way to re-configure how syslogd presents the date
in the syslog files?
Presently, the date is usually MMM DD
I would prefer MMDD
however I cannot find anywhere where this is possible.
It isn't. Consider syslog-ng from the ports.
Peter
--
I've had my screen lock a few times and log out automatically once. If it's any
help, it's happened while running qemu.
Hey all,
I have the following rule set up in ipfw to limit the exposure of bad php
scripts and trojans that try to send mail directly.
allow tcp from any to any dst-port 25 uid root
deny log tcp from any to any dst-port 25 out
However, the log messages I get look like this:
Sep 8 13:21:11
to ipfw_log() so
that ipfw_chk() can pass it the ugid_lookup flag and a pointer to the
fw_ugid_cache struct. Then you can edit ipfw_log to print the contents
of that struct if ugid_lookup==1. That would result in the logging of
uid for any failed packet that had to go through a uid check on the way
more arguments to ipfw_log() so
that ipfw_chk() can pass it the ugid_lookup flag and a pointer to the
fw_ugid_cache struct. Then you can edit ipfw_log to print the contents
of that struct if ugid_lookup==1. That would result in the logging of
uid for any failed packet that had to go through a uid
. That would result in the logging of
uid for any failed packet that had to go through a uid check on the way
to the deny rule.
Okay, so if it's fairly easy to do, the question would be since I don't
feel right hacking in this change myself -- how could I propose this as a
feature? It's
by amule under ~/.aMule
(logfile and logfile.bak) normally doesn't tell you much about it.
Thank you
--
View this message in context:
http://www.nabble.com/Network-Card-issues-logging-and-aMule-tp19209461p19209461.html
Sent from the freebsd-questions mailing list archive at Nabble.com
Hi everyone
I am currently using Marvell Yukon's 88E8053 Network card and after a few
searches on Google, I noticed that this card has a few issues. Fortunately,
I could use the network card without the need to do any manual labor.
However, I noticed that the network card crashes after perhaps 72
Are there any flags or tricks to get these two daemons to log IP
addresses of failed login attempts, rather than PTR hostnames?
man ftpd
man sshd
... show nothing, afaics.
thanks
Len
there is a solution:
1. Edit /etc/inetd.conf
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll
ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
The flags -ll enable extended logging.
2. Edit /etc/syslog.conf:
!ftpd
17:05:30 mx1 ftpd[1625]: FTP LOGIN FAILED FROM domain.tld, user
The flags -ll enable extended logging.
2. Edit /etc/syslog.conf:
!ftpd
*.* /var/log/ftpd.log
3. Create the log file
# touch /var/log/ftpd.log
same
On Sun, 24 Aug 2008 17:18:55 -0500, Len Conrad [EMAIL PROTECTED] wrote:
with -ll, ftpd still logs failures as auth.log as
same in ftpd.log
[The IPs] they are not logged.
I did the three steps I mentioned and have failures with IPs
logged in /var/log/ftpd.log, for example:
connection
with -ll, ftpd still logs failures as auth.log as
same in ftpd.log
[The IPs] they are not logged.
I did the three steps I mentioned and have failures with IPs
logged in /var/log/ftpd.log, for example:
connection from 79.165.190.70 (79.165.190.70)
FTP LOGIN FAILED FROM
Hi,
I'm running 7.0-RELEASE-p2 (amd64). I'm running Postfix 2.5.1_2,1 mail server
instead of the default Sendmail which ships with base distribution.
My mail server is working fine with no issues except that I noticed that some
messages in /var/log/messages:
88
Jun 29 03:12:45
आशीष शुक्ल Ashish Shukla wrote:
Hi,
I'm running 7.0-RELEASE-p2 (amd64). I'm running Postfix 2.5.1_2,1 mail
server instead of the default Sendmail which ships with base distribution.
My mail server is working fine with no issues except that I noticed that
some messages in
,--- Michael Powell writes:
| आशीष शुक्ल Ashish Shukla wrote:
|| Hi,
||
|| I'm running 7.0-RELEASE-p2 (amd64). I'm running Postfix 2.5.1_2,1 mail
|| server instead of the default Sendmail which ships with base distribution.
||
|| My mail server is working fine with no issues except that I
Hi,
somehow I have misunderstood how to get syslogd to receive logs from
another host, well my actual problem is syslog bitching like this:
Mar 25 01:00:00 kern.emerg syslogd: unknown priority name
Mar 25 05:00:00 kern.emerg syslogd: unknown priority name
Mar 25 09:00:01 kern.emerg
no
permission to log to files owned by root (syslogd).
I solved that by logging into a different subdir owned by daemon.
OK thanks. (I am the original poster, but I'd accidentally posted
using my wife's role).
Is there any reason not to simply do a
cd /var/log
chown -R daemon .
also
chown
/etc/devfs.conf
for console logging.
Will log rotation preserve daemon ownership?
Never used the *traditional* log style with syslog-ng, I stored
everything per day/month/year/server.
I ended up running syslog-ng as root, which is probably a bad idea as
well, so I cannot give you any
/devfs.conf
More things to learn. I'm not really concerned about logging to
console anyway, as the machine will run headless most of the time.
Will log rotation preserve daemon ownership?
Never used the *traditional* log style with syslog-ng, I stored
everything per day/month/year/server
Jeffrey Goldberg wrote:
This is the first I've heard of mtree. I just looked mtree(8), but I
take it that mtree is run periodically somehow to fix things. Do
you know where?
I can always keep my logs in some place other than /var/log if this is
an issue.
IIRC it's done at boot time.
I've just installed syslog-ng from ports on 7.0B4.
I put the following into /etc/rc.conf
syslog_ng_enable="YES"
syslog_ng_config="-u daemon"
syslog_ng_pid="/var/run/syslog-ng.pid"
And my syslog-ng.conf file is very similar to the example one (plus
some special destinations for things that come in
anywhere, including to console, since the time I
killed the system syslogd.
Any suggestions of where I should look to debug this?
Yup, file permissions. While your syslog-ng runs as daemon, it has no
permission to log to files owned by root (syslogd).
I solved that by logging into a different
Found another useful tool for logging system load. It's called Munin
and it's in ports as sysutils/munin-node sysutils/munin-main. It's
nifty -- uses rrdtool to graph various things. Some of the plugins
are shabby and need some work to get running but the system load
plugin works fine out
It is a very useful tool ..
Here is the website http://munin.projects.linpro.no/
Thanks
Hakan
http://jump2top.com
On 8/14/07, James [EMAIL PROTECTED] wrote:
Found another useful tool for logging system load. It's called Munin
and it's in ports as sysutils/munin-node sysutils/munin
Hello,
On Thu, 2 Aug 2007 13:44:33 +0300, Nikos Vassiliadis [EMAIL PROTECTED]
wrote:
On Wednesday 25 July 2007 20:50, Momchil Ivanov wrote:
On Wednesday 25 July 2007 19:38:41 Zbigniew Szalbot wrote:
Dear all,
Is there a tool similar to top which would measure system load and
write it
On Wednesday 25 July 2007 20:50, Momchil Ivanov wrote:
On Wednesday 25 July 2007 19:38:41 Zbigniew Szalbot wrote:
Dear all,
Is there a tool similar to top which would measure system load and
write it to a file that could later be analyzed? The time when my
system is most loaded happens
On Thursday 02 August 2007 13:52, Zbigniew Szalbot wrote:
Hello,
On Thu, 2 Aug 2007 13:44:33 +0300, Nikos Vassiliadis
[EMAIL PROTECTED]
wrote:
On Wednesday 25 July 2007 20:50, Momchil Ivanov wrote:
On Wednesday 25 July 2007 19:38:41 Zbigniew Szalbot wrote:
Dear all,
Is there a
Nikos Vassiliadis wrote:
On Wednesday 25 July 2007 20:50, Momchil Ivanov wrote:
On Wednesday 25 July 2007 19:38:41 Zbigniew Szalbot wrote:
Dear all,
Is there a tool similar to top which would measure system load and
write it to a file that could later be analyzed? The time when my
On Thu, 2 Aug 2007 12:52:20 +0200 Zbigniew Szalbot [EMAIL PROTECTED] wrote:
On Thu, 2 Aug 2007 13:44:33 +0300, Nikos Vassiliadis [EMAIL PROTECTED]
wrote:
On Wednesday 25 July 2007 20:50, Momchil Ivanov wrote:
On Wednesday 25 July 2007 19:38:41 Zbigniew Szalbot wrote:
Dear
Dear all,
Is there a tool similar to top which would measure system load and write it
to a file that could later be analyzed? The time when my system is most
loaded happens between 3 and 5 a.m. so a trace of the system load would be
a wonderful thing to have. I need it to tailor some of the jobs
In response to Zbigniew Szalbot [EMAIL PROTECTED]:
Dear all,
Is there a tool similar to top which would measure system load and write it
to a file that could later be analyzed? The time when my system is most
loaded happens between 3 and 5 a.m. so a trace of the system load would be
a
On Wednesday 25 July 2007 19:38:41 Zbigniew Szalbot wrote:
Dear all,
Is there a tool similar to top which would measure system load and write it
to a file that could later be analyzed? The time when my system is most
loaded happens between 3 and 5 a.m. so a trace of the system load would be
out the wrong
values from the commands it runs (top and such) and end up logging
crazy values such as 0% idle when it's really 100% idle.
Despite that problem I'd recommend it -- it's a useful tool IMHO.
--
James.
(base or ports) the behavior such as
chroot, logging, etc. is controlled by the combination of
/etc/rc.d/named and your named.conf options. Therefore this
discussion
applies equally well either way.
I use FreeBSD 6.2 with the named come with the base.
/etc/rc.conf
named_enable=YES
).
By default chroot is used.
It's not a major issue, but it's probably worth pointing out that
whatever code base you use (base or ports) the behavior such as
chroot, logging, etc. is controlled by the combination of
/etc/rc.d/named and your named.conf options. Therefore this
discussion
applies
this is what i have from 5.2
logging {
channel namedlog {
file "/var/log/named.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category lame-servers
in named.conf (enabled local0.* in
syslog.conf) , but still no luck. Any suggestions?
logging {
channel named-log {
//syslog daemon;
syslog local0;
severity info;
print-category yes;
};
category default { named-log
in named.conf (enabled local0.* in
syslog.conf) , but still no luck. Any suggestions?
logging {
channel named-log {
//syslog daemon;
syslog local0;
severity info;
print-category yes;
};
category default { named-log
I am running the command like this:
DATE_YEAR=`date +%Y`
DATE_MONTH=`date +%m`
DATE_DAY=`date +%d`
LOG_BASE=$HOME/var/log/portupgrade
LOG=${LOG_BASE}/${DATE_YEAR}/${DATE_MONTH}/${DATE_DAY}_%s:%s.log
portupgrade \
-aRrv \
--batch \
-L ${LOG}
No files are ever created in
${LOG}
No files are ever created in ~/var/log/portupgrade/2007/05.
Am I misunderstanding something about the -L switch?
MC
Cosmic ray.
It's just started logging.
Never mind...
MC
At 08:48 PM 4/13/2007, you wrote:
Janos Dohanics [EMAIL PROTECTED] wrote:
I'm trying to capture logs from m0n0wall, but the log file is empty.
Here is my configuration:
On the logging machine, in /etc/rc.conf:
syslogd_flags="-a 10.61.70.1"
In /etc/syslog.conf:
+10.61.70.1
[EMAIL PROTECTED] wrote:
At 08:48 PM 4/13/2007, you wrote:
Janos Dohanics [EMAIL PROTECTED] wrote:
I'm trying to capture logs from m0n0wall, but the log file is empty.
Here is my configuration:
On the logging machine, in /etc/rc.conf:
syslogd_flags="-a 10.61.70.1"
On Apr 13, 2007, at 22:44, [EMAIL PROTECTED] wrote:
At 08:48 PM 4/13/2007, you wrote:
Janos Dohanics [EMAIL PROTECTED] wrote:
I'm trying to capture logs from m0n0wall, but the log file is empty.
Here is my configuration:
On the logging machine, in /etc/rc.conf:
syslogd_flags
I'm trying to capture logs from m0n0wall, but the log file is empty.
Here is my configuration:
On the logging machine, in /etc/rc.conf:
syslogd_flags="-a 10.61.70.1"
In /etc/syslog.conf:
+10.61.70.1
*.* /var/log/m0n0wall.log
/var/log/m0n0wall.log
Janos Dohanics [EMAIL PROTECTED] writes:
I'm trying to capture logs from m0n0wall, but the log file is empty.
[...]
The m0n0wall is configured to send logs to 10.61.70.100, which is the
logging machine.
What am I missing?
If 10.61.70.100 runs FreeBSD, syslogd_flags defaults to -s, which
At 03:45 PM 4/13/2007, you wrote:
Janos Dohanics [EMAIL PROTECTED] writes:
I'm trying to capture logs from m0n0wall, but the log file is empty.
[...]
The m0n0wall is configured to send logs to 10.61.70.100, which is the
logging machine.
What am I missing?
If 10.61.70.100 runs FreeBSD
[EMAIL PROTECTED] writes:
Dag-Erling Smørgrav [EMAIL PROTECTED] writes:
If 10.61.70.100 runs FreeBSD, syslogd_flags defaults to -s, which
disables the listening socket.
Yes, 10.61.70.100 is running 5.5-STABLE, and I have in /etc/rc.conf there:
syslogd_flags="-a 10.61.70.1/32"
Check with
Janos Dohanics [EMAIL PROTECTED] wrote:
I'm trying to capture logs from m0n0wall, but the log file is empty.
Here is my configuration:
On the logging machine, in /etc/rc.conf:
syslogd_flags="-a 10.61.70.1"
In /etc/syslog.conf:
+10.61.70.1
At 06:28 PM 4/13/2007, you wrote:
[EMAIL PROTECTED] writes:
Dag-Erling Smørgrav [EMAIL PROTECTED] writes:
If 10.61.70.100 runs FreeBSD, syslogd_flags defaults to -s, which
disables the listening socket.
Yes, 10.61.70.100 is running 5.5-STABLE, and I have in /etc/rc.conf there:
At 08:48 PM 4/13/2007, you wrote:
Janos Dohanics [EMAIL PROTECTED] wrote:
I'm trying to capture logs from m0n0wall, but the log file is empty.
Here is my configuration:
On the logging machine, in /etc/rc.conf:
syslogd_flags="-a 10.61.70.1"
In /etc/syslog.conf:
+10.61.70.1
On Mar 23, 2007, at 2:54 PM, David Robillard wrote:
Thnx for the tip. Found out that it was not the airport UDP port.
It is
some misconfiguration in my DNS, but still don't get why it
doesn't work
as expected. For some reason my DNS-name is snipped just before
the TLD.
Oh btw i changed
Thnx for the tip. Found out that it was not the airport UDP port. It is
some misconfiguration in my DNS, but still don't get why it doesn't work
as expected. For some reason my DNS-name is snipped just before the TLD.
Oh btw i changed some configs
I prepended to /etc/syslog.conf the next and
Hello,
I'm trying to put up a remote logging server. I want to let my
Airport Express send its logs to my FreeBSD server.
So I said to my Airport to send its logs to the internal ip of my
server, I suppose it works because that's what Apple hardware does.
Now I did the following things on my
On Mar 22, 2007, at 3:45 PM, David Robillard wrote:
Hello,
I'm trying to put up a remote logging server. I want to let my
Airport Express send its logs to my FreeBSD server.
So I said to my Airport to send its logs to the internal ip of my
server, I suppose it works because that's what Apple
On Mar 22, 2007, at 10:44 PM, Guido Demmenie wrote:
On Mar 22, 2007, at 3:45 PM, David Robillard wrote:
Hello,
I'm trying to put up a remote logging server. I want to let my
Airport Express send its logs to my FreeBSD server.
So I said to my Airport to send its logs to the internal ip
Hello,
I'm trying to put up a remote logging server. I want to let my
Airport Express send its logs to my FreeBSD server.
So I said to my Airport to send its logs to the internal ip of my
server, I suppose it works because that's what Apple hardware does.
Now I did the following things
run syslogd in the foreground without daemonizing:
$ sudo syslogd -dv [flags]
If you don't see anything, tcpdump(8) and validate that UDP/514 packets
are coming in.
~BAS
On Wed, 2007-03-21 at 17:35 +0100, Guido Demmenie wrote:
Hello,
I'm trying to put up a remote logging server. I want
Hello,
I have 2 servers running isc-dhcp3-server and syslog-ng. I have
configured dhcpd to run in a chroot. The following (reproducible)
sequence of events cause dhcpd logging to break:
1) Start syslog-ng
2) Start isc-dhcpd (At this point, logging is working fine)
3) `pkill -HUP syslog-ng
Hi
Can anyone tell?
Are there any log files which shows who is logging to a FreeBSD box and
when? If yes, where can one find them?
--
Thanks!
BR / vj
VeeJay wrote:
Hi
Can anyone tell?
Are there any log files which shows who is logging to a FreeBSD box and
when? If yes, where can one find them?
The file /var/log/auth.log should contain all the information you are
looking for.
man syslog.conf and man syslogd for more information
Hi,
cat /var/log/auth.log
or
tail -f /var/log/auth.log
Kind regards
Tim
From: [EMAIL PROTECTED] on behalf of VeeJay
Sent: Fri 2007-01-12 20:10
To: [EMAIL PROTECTED]; FreeBSD-Questions
Subject: Are there any log files which shows who is logging to a FreeBSD
hi, have a look at /var/log/auth.log
(and also on utmp)
VeeJay wrote:
Hi
Can anyone tell?
Are there any log files which shows who is logging to a FreeBSD box and
when? If yes, where can one find them?
On Jan 12, 2007, at 11:10 AM, VeeJay wrote:
Can anyone tell?
Are there any log files which shows who is logging to a FreeBSD box
and
when? If yes, where can one find them?
Yes, see the last command or man wtmp...
--
-Chuck
is logging to a FreeBSD box and
when? If yes, where can one find them?
--
Thanks!
BR / vj
--
Greg
I'll try to follow up to two posts instead of replying twice, so I
hope nobody gets confused here. :-)
On 04/01/07, Vizion [EMAIL PROTECTED] wrote:
- Original Message
From: Bill Moran [EMAIL PROTECTED]
Many shells keep a history as a matter of normal operation. You might
find that
Stan Halprin wrote:
Hi;
I know I'm a clutz but I'm sick and tired of doing some stupid thing that
crashes my server, then trying to figure out what I did. Is there something out
there that could log everything I did so that I could review it each time I
shoot myself in the foot?
TIA
- Original Message
From: Bill Moran [EMAIL PROTECTED]
Many shells keep a history as a matter of normal operation. You might
find that enough for you. Personally, I use bash, and the command
history brings the last 100 commands or so.
No, this isn't sufficient. The problems are:
1)
- Original Message
From: Bill Moran [EMAIL PROTECTED]
Many shells keep a history as a matter of normal operation. You might
find that enough for you. Personally, I use bash, and the command
history brings the last 100 commands or so.
No, this isn't sufficient. The problems are:
1)
- Original Message
From: Vizion [EMAIL PROTECTED]
I am not certain if you are using X or console.
console
As far as file editing is concerned if the file is important to you then you
might
want to try saving a snapshot when you open the file and use a small script to
both save
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stan Halprin
Sent: Thursday, January 04, 2007 8:46 AM
To: freebsd-questions@freebsd.org
Subject: Re: Clutz-Proof Logging
- Original Message
From: Vizion [EMAIL PROTECTED]
I am
On Thu, January 4, 2007 10:46 am, Stan Halprin wrote:
What is a snapshot? I could just make a backup copy of it, which is
what I was thinking of doing, and revert if necessary. Of course, that
supposes I remember to do that :/ I was hoping for some program
smarter than me.
Jumping into the
- Original Message
From: Richard Lynch [EMAIL PROTECTED]
Jumping into the middle of a thread, possibly to disastrous effect...
Perhaps you should be using subversion or CVS to keep version control
of your document?
Far as I can tell from what's being said.
Hmm. Maybe so. Good
Hi;
I know I'm a clutz but I'm sick and tired of doing some stupid thing that
crashes my server, then trying to figure out what I did. Is there something out
there that could log everything I did so that I could review it each time I
shoot myself in the foot?
TIA
Stan
Stan Halprin [EMAIL PROTECTED] wrote:
Hi;
I know I'm a clutz but I'm sick and tired of doing some stupid thing
that crashes my server, then trying to figure out what I did. Is there
something out there that could log everything I did so that I could
review it each time I shoot myself
On Tue, 12 Sep 2006 15:51:08 -0400
Bart Silverstrim [EMAIL PROTECTED] wrote:
Something inside our network is infected with a spam-mailing trojan.
We now have our PIX firewall set to block all outgoing traffic to
port 25 unless it is from our mail server.
you should also accept only
This will probably be kind of wordy, but I could use some advice on
how to track it.
I have a freebsd system acting as a gateway (it's using IP
forwarding) so it can act as a web proxy server and filter for the
users. It is also filtering incoming email to act as a mail filter
between
configs you have to have in
place for logging to work, though.
--
Bill Moran
Collaborative Fusion Inc.
the top of my head ...
ipfw add 25 log tcp from any to any 25
should work. There are certain kernel configs you have to have in
place for logging to work, though.
Better to use something like:
ipfw add 1 log tcp from any to me 25 setup
If Bart would like to use tcpdump for the same purpose
to sniffing
with tcpdump or wireshark or ethereal?
Off the top of my head ...
ipfw add 25 log tcp from any to any 25
should work. There are certain kernel configs you have to have in
place for logging to work, though.
Better to use something like:
ipfw add 1 log tcp from any to me
to sniffing
with tcpdump or wireshark or ethereal?
Off the top of my head ...
ipfw add 25 log tcp from any to any 25
should work. There are certain kernel configs you have to have in
place for logging to work, though.
Better to use something like:
ipfw add 1 log tcp from any to me 25 setup
)'
Maybe my ipfw is old; it kept telling me that log is an invalid
action. However, I think I may be able to get the tcpdump idea to
work.
There's a kernel option you need to enable for IPFW to do logging.
If you're kldload'ing the ipfw module, it probably wasn't compiled
with IPFW_LOGGING
-nt 'port 25 and (tcp[tcpflags] & tcp-syn != 0)'
Maybe my ipfw is old; it kept telling me that log is an invalid
action. However, I think I may be able to get the tcpdump idea to
work.
There's a kernel option you need to enable for IPFW to do logging.
If you're kldload'ing the ipfw
There's a kernel option you need to enable for IPFW to do
logging.
If you're kldload'ing the ipfw module, it probably wasn't compiled
with IPFW_LOGGING or whatever the exact name is.
I had set the verbosity (I think that was the parameter) from
googling around earlier
Hi,
I've compiled racoon (IPSec-Tools / FreeBSD Ports) various times
with --disable-debug
Debug messages keeps ending up in syslog :(
How can I disable the debug output???
Regards,
Chris.
I am trying to get syslogd configured to do remote logging to another
box. In my syslog.conf on the local machine I have:
local0.* @xx.xx.xx.xx
In syslog.conf on the remote machine I have:
local0.* /some/file.log
and I have added the syslogd_flags="-a xx.xx.xx.xx/xx" to rc.conf on
the remote
--On Monday, August 21, 2006 14:40:37 -0500 Josh Paetzel [EMAIL PROTECTED]
wrote:
I am trying to get syslogd configured to do remote logging to another
box. In my syslog.conf on the local machine I have:
local0.* @xx.xx.xx.xx
In syslog.conf on the remote machine I have:
local0.* /some
101 - 200 of 423 matches