docs/79543: doc change to firewall section of handbook - 24.5.7 IPMON Logging
Joe
fbsd_user at a1poweruser.com
Mon Apr 4 21:10:09 UTC 2005
>Number: 79543
>Category: docs
>Synopsis: doc change to firewall section of handbook - 24.5.7 IPMON Logging
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 04 21:10:04 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Joe
>Release: 5.3 release
>Organization:
>Environment:
>Description:
***Change the following section ****
24.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 as the ``facility'' name. All IPMON logged data goes to local0. The following levels can be used to further segregate the logged data if desired:
LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be considered short
To setup IPFILTER to log all data to /var/log/ipfilter.log, you will need to create the file. The following command will do that:
# touch /var/log/ipfilter.log
The syslog function is controlled by definition statements in the /etc/syslog.conf file. The syslog.conf file offers considerable flexibility in how syslog will deal with system messages issued by software applications like IPF.
Add the following statement to /etc/syslog.conf:
local0.* /var/log/ipfilter.log
The local0.* means to write all the logged messages to the coded file location.
To activate the changes to /etc/syslog.conf you can reboot or bump the syslog task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload (killall -HUP syslogd in FreeBSD 4.X).
Do not forget to change /etc/newsyslog.conf to rotate the new log you just created above.
**** To read as this *****
24.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 or security as the ``facility'' name. All IPMON logged data goes to the ``facility'' name of local0 for 4.10 & 4.11 releases and security for 5.3 and newer releases. The following levels can be used to further segregate the logged data if desired:
LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be considered short
To setup IPFILTER to log all data to /var/log/ipfilter.log, you will need to create the file. The following command will do that:
# touch /var/log/ipfilter.log
The syslog function is controlled by definition statements in the /etc/syslog.conf file. The syslog.conf file offers considerable flexibility in how syslog will deal with system messages issued by software applications like IPF.
Add the following statement to /etc/syslog.conf:
local0.* /var/log/ipfilter.log for 4.10 & 4.11
security.* /var/log/ipfilter.log for 5.3 and newer
The local0.* and security.* mean to write all the logged messages to the coded file location.
To activate the changes to /etc/syslog.conf you can reboot or bump the syslog task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload (killall -HUP syslogd in FreeBSD 4.X).
Do not forget to change /etc/newsyslog.conf to rotate the new log you just created above.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
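Added example, not part of the PR or the handbook: a small check that reports which of the four IPMON levels listed above would fail to reach /var/log/ipfilter.log for a given release, which is the silent logging gap the proposed change addresses. The function names and sample configs are constructed for illustration, and the selector matching is a simplified assumption (plain facility.level selectors only).

```python
# Added example, not handbook code. Simplification (assumption): only plain
# "facility.level" selectors with ',' ';' '*' and 'none' are understood;
# comparison flags and !program / +host blocks are skipped, not evaluated.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
IPMON_LEVELS = ["info", "notice", "warning", "err"]  # the four levels in the PR

def ipmon_facility(release):
    """Facility as stated in the PR; other releases are not covered by it."""
    major, minor = (int(x) for x in release.split(".")[:2])
    if (major, minor) in ((4, 10), (4, 11)):
        return "local0"
    if (major, minor) >= (5, 3):
        return "security"
    raise ValueError("release not covered by the PR text: " + release)

def selector_matches(selector, facility, level):
    """Evaluate one selector field; later ';' parts override earlier ones."""
    selected = False
    for part in selector.split(";"):
        names, _, lvl = part.strip().partition(".")
        if "*" not in names.split(",") and facility not in names.split(","):
            continue
        if lvl == "none":
            selected = False
        elif lvl == "*":
            selected = True
        elif lvl in LEVELS:
            # a bare level selects that severity and anything more severe
            selected = LEVELS.index(level) <= LEVELS.index(lvl)
    return selected

def destinations(conf_text, facility, level):
    """Actions (second field) of every line whose selector matches."""
    out = []
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0][0] not in "#!+-":
            if selector_matches(fields[0], facility, level):
                out.append(fields[1])
    return out

def missing_levels(conf_text, release, logfile="/var/log/ipfilter.log"):
    """ipmon levels that would not reach logfile on the given release."""
    fac = ipmon_facility(release)
    return [l for l in IPMON_LEVELS if logfile not in destinations(conf_text, fac, l)]

# Constructed sample configs: the handbook line before and after the change.
CONF_OLD = "local0.*\t/var/log/ipfilter.log\n"
CONF_NEW = CONF_OLD + "security.*\t/var/log/ipfilter.log\n"
print(missing_levels(CONF_OLD, "5.3"), missing_levels(CONF_NEW, "5.3"))
```

Pass the release as a bare number such as "5.3"; releases the PR text does not mention raise ValueError instead of guessing a facility.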