Re: ipfilter/ipmon log msgs
On Mon, 13 Jan 2003 17:23:52 -0500 JoeB [EMAIL PROTECTED] wrote:

> Is there an ipfilter web site that I can check man info page on ipmon
> to see if it has newer information than what FBSD has in its man ipmon,
> which would mean that the new man info was not updated into the new
> FBSD release of ipfilter which happened in FBSD 4.7?

http://coombs.anu.edu.au/~avalon/

Regards,
Stephen Hilton
[EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: ipfilter/ipmon log msgs
On Mon, Jan 13, 2003 at 05:23:52PM -0500, JoeB wrote:

> From: JoeB [EMAIL PROTECTED]
> To: Wayne Pascoe [EMAIL PROTECTED]
> Cc: FBSDQ [EMAIL PROTECTED]
> Subject: RE: ipfilter/ipmon log msgs
> Date: Mon, 13 Jan 2003 17:23:52 -0500
>
> Did ipf -V and the which command on both ipf and ipmon and they are both
> in same directory. The only thing that looks questionable is ipf -V
> says log flags: 0 = none set.

This means that you haven't enabled default logging of packets. (man 8 ipf, search for the -l option)

And now to your original question: when the author of the ipmon man page says that day, month and year are removed from messages, he means that they are removed from messages that are taken from /dev/ipl, not that they aren't logged in log files. What you see in your log files from the beginning of the line to the colon character is appended by syslog, and it's the day, month and time of sending the message to the system logger. We have two distinct events:

1. The date and time when packets are blocked or passed, the time when they are logged to /dev/ipl (what is actually removed, without time it's always logged)
2. The date and time when ipmon logs messages (the time when ipmon reads /dev/ipl and logs via syslog or writes to console)

Between these two events we have some time interval, so you must not mix them up.

> Does this mean ipfilter_flags= or ipmon_flags=-Ds?
> What is this talking about??
>
> In rc.conf I have
>
>   ipfilter_enable=YES
>   ipfilter_flags=
>   ipnat_enable=YES
>   ipmon_enable=YES
>   ipmon_flags=-Ds
>
> Is there an ipfilter web site that I can check man info page on ipmon
> to see if it has newer information than what FBSD has in its man ipmon,
> which would mean that the new man info was not updated into the new
> FBSD release of ipfilter which happened in FBSD 4.7?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wayne Pascoe
> Sent: Monday, January 13, 2003 4:35 PM
> To: [EMAIL PROTECTED]
> Cc: FBSDQ
> Subject: Re: ipfilter/ipmon log msgs
>
> JoeB [EMAIL PROTECTED] writes:
>
> > Man ipmon says that when option -s is selected to send ipfilter log
> > messages to syslogd the day, month, year prefix is removed from the
> > message before posting to syslogd. This does not happen.
>
> Firstly, ensure you're starting ipmon with the -Ds flags. This will
> put it in daemon mode and log through syslogd.
>
> I've had a problem with logfile formats in the past and this was
> because I was not running the correct version of ipmon.
>
> do
>   sudo ipf -V
> Check the version. Then do
>   which ipf
> Then check to see that the ipmon that is running is in the same directory.
>
> Otherwise, post a sample log line...
>
> Regards,
> --
> - Wayne Pascoe
> You know, it's simply not true that wars never settle anything - James Burnham

--
Regards,
Dancho Penev
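Added example, not part of the original thread: a small Python parser that separates the two timestamps discussed in the message above, the syslogd prefix (when ipmon handed the message to syslog) and the packet time ipmon read from /dev/ipl, and reports the interval between them. The field layout is assumed from ipmon(8); the sample lines, host name, rule number and addresses are constructed.

```python
import re
from datetime import datetime, timedelta

# Action letters as described in ipmon(8).
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}

LINE_RE = re.compile(
    r"^(?P<syslog_ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "  # stamped by syslogd
    r"(?P<host>\S+) ipmon\[\d+\]: "
    r"(?P<pkt_time>\d{2}:\d{2}:\d{2})\.\d+ "              # read from /dev/ipl
    r"(?:\d+x )?(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S) (?P<src>\S+) -> (?P<dst>\S+) "
    r"PR (?P<proto>\S+) len (?P<hdrlen>\d+) (?P<totlen>\d+)"
    r"(?: (?P<rest>.*))?$"
)

# Constructed sample lines (documentation addresses, invented host and rule).
SAMPLE = ("Jan 13 17:24:03 gateway ipmon[86]: 17:24:02.514873 dc0 @0:12 b "
          "192.0.2.10,3412 -> 198.51.100.5,80 PR tcp len 20 48 -S IN")
MIDNIGHT = ("Jan 14 00:00:01 gateway ipmon[86]: 23:59:59.900000 dc0 @0:12 b "
            "192.0.2.10,3413 -> 198.51.100.5,80 PR tcp len 20 48 -S IN")

def parse_ipmon_syslog(line):
    """Split one syslog line written by `ipmon -s`; None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    rec["src_ip"], _, rec["src_port"] = rec["src"].partition(",")
    rec["dst_ip"], _, rec["dst_port"] = rec["dst"].partition(",")
    # Event 2 (syslog stamp) minus event 1 (packet time), both at one-second
    # resolution; the modulo covers a packet seen just before midnight.
    logged = datetime.strptime(rec["syslog_ts"].split()[-1], "%H:%M:%S")
    seen = datetime.strptime(rec["pkt_time"], "%H:%M:%S")
    rec["lag_seconds"] = ((logged - seen) % timedelta(days=1)).total_seconds()
    return rec

if __name__ == "__main__":
    for line in (SAMPLE, MIDNIGHT):
        r = parse_ipmon_syslog(line)
        print(r["syslog_ts"], "|", r["pkt_time"], "|", r["action"],
              r["src_ip"], "->", r["dst_ip"], "| lag", r["lag_seconds"], "s")
```

When correlating firewall events with other logs, use the packet time for when the traffic was seen and the syslog prefix only for the calendar date.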
Re: ipfilter/ipmon log msgs
JoeB [EMAIL PROTECTED] writes:

> Man ipmon says that when option -s is selected to send ipfilter log
> messages to syslogd the day, month, year prefix is removed from the
> message before posting to syslogd. This does not happen.

Firstly, ensure you're starting ipmon with the -Ds flags. This will put it in daemon mode and log through syslogd.

I've had a problem with logfile formats in the past and this was because I was not running the correct version of ipmon.

do
  sudo ipf -V
Check the version. Then do
  which ipf
Then check to see that the ipmon that is running is in the same directory.

Otherwise, post a sample log line...

Regards,
--
- Wayne Pascoe
You know, it's simply not true that wars never settle anything - James Burnham
RE: ipfilter/ipmon log msgs
Did ipf -V and the which command on both ipf and ipmon and they are both in same directory. The only thing that looks questionable is ipf -V says log flags: 0 = none set. Does this mean ipfilter_flags= or ipmon_flags=-Ds? What is this talking about??

In rc.conf I have

  ipfilter_enable=YES
  ipfilter_flags=
  ipnat_enable=YES
  ipmon_enable=YES
  ipmon_flags=-Ds

Is there an ipfilter web site that I can check man info page on ipmon to see if it has newer information than what FBSD has in its man ipmon, which would mean that the new man info was not updated into the new FBSD release of ipfilter which happened in FBSD 4.7?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wayne Pascoe
Sent: Monday, January 13, 2003 4:35 PM
To: [EMAIL PROTECTED]
Cc: FBSDQ
Subject: Re: ipfilter/ipmon log msgs

JoeB [EMAIL PROTECTED] writes:

> Man ipmon says that when option -s is selected to send ipfilter log
> messages to syslogd the day, month, year prefix is removed from the
> message before posting to syslogd. This does not happen.

Firstly, ensure you're starting ipmon with the -Ds flags. This will put it in daemon mode and log through syslogd.

I've had a problem with logfile formats in the past and this was because I was not running the correct version of ipmon.

do
  sudo ipf -V
Check the version. Then do
  which ipf
Then check to see that the ipmon that is running is in the same directory.

Otherwise, post a sample log line...

Regards,
--
- Wayne Pascoe
You know, it's simply not true that wars never settle anything - James Burnham
Re: ipfilter/ipmon log msgs
On Fri, 10 Jan 2003, JoeB wrote:

> I am using ipfilter for my firewall and ipmon to capture firewall
> error msgs. Where can I find a description of the format of the ipmon
> msg text so I can decipher what the msgs are saying?

man ipmon

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]
Sat Jan 11 11:50:58 EST 2003