error in the FBSD handbook sec 28.5.7 IPMON Logging
Anton Shterenlikht
mexas at bristol.ac.uk
Wed Feb 27 11:15:02 UTC 2008
Hello
The handbook seems to be wrong in section 28.5.7 IPMON Logging:
"Add the following statement to /etc/syslog.conf:
security.* /var/log/ipfilter.log
The security.* means to write all the logged
messages to the coded file"
It appears that instead of "security" one must use "local0".
According to the IPF FAQ:
http://www.phildev.net/ipf/IPFipmon.html#ipmon1
Q. I have IPMon logging to syslog, but syslog doesn't
log anything, why not?
A. IPF logs as local0 so you'll want something to the effect of:
local0.debug /var/log/ipf.log in your syslog.conf.
NOTE: There has to be at least one TAB in that line, not just spaces.
I got my ipmon logging working only after I changed
"security.*" to "local0.*" in /etc/syslog.conf:
# grep local0 /etc/syslog.conf
local0.* /var/log/ipfilter.log
#
I was also told in the fbsd-questions mailing list
(I haven't checked this myself) that:
"The weird thing is the following:
http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ipfilter/tools/ipmon.c?rev=1.4.2.2
#ifndef LOGFAC
#define LOGFAC LOG_LOCAL0
#endif
In the contrib/ipfilter/Makefile it is set to security, but...freebsd builds
with src/sbin/ipf/ipmon and there it is indeed LOG_LOCAL0."
The full thread which led to this resolution is here:
http://lists.freebsd.org/pipermail/freebsd-questions/2008-February/169638.html
many thanks
anton
--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233
Fax: +44 (0)117 929 4423
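
An added example, not part of the original message or of FreeBSD: a POSIX shell function that lists which syslog.conf actions receive a given facility, which makes the security.* versus local0.* mismatch reported above directly visible. It assumes the basic facility.level selector syntax, ignores !program and +host block filters, and flags separators without a TAB as the quoted FAQ note advises; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Lists the syslog.conf actions
# that receive messages for one facility, e.g. local0 as used by ipmon.
# Usage: facility_actions FACILITY FILE   (hypothetical helper name)
# Output per matching line: ACTION SELECTOR tab|no-tab
facility_actions() {
    awk -v fac="$1" '
    /^[ \t]*$/      { next }   # blank line
    /^[ \t]*[#!+-]/ { next }   # comment or program/host block header (not tracked)
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /[ \t]+/)) next      # no action field
        sel = substr(line, 1, RSTART - 1)
        sep = substr(line, RSTART, RLENGTH)
        act = substr(line, RSTART + RLENGTH)
        hit = 0
        n = split(sel, parts, ";")
        for (i = 1; i <= n; i++) {            # later selectors override earlier ones
            dot = index(parts[i], ".")
            if (dot == 0) continue            # malformed selector, skip
            lvl = substr(parts[i], dot + 1)
            sub(/^[!<=>]+/, "", lvl)          # drop comparison flags
            m = split(substr(parts[i], 1, dot - 1), facs, ",")
            for (j = 1; j <= m; j++)
                if (facs[j] == fac || facs[j] == "*")
                    hit = (lvl != "none")     # "none" excludes the facility
        }
        if (hit) print act, sel, (index(sep, "\t") ? "tab" : "no-tab")
    }' "$2"
}

# Constructed sample configuration (not a real system file).
sample_conf() {
    printf 'security.*\t\t/var/log/security\n'
    printf 'local0.*\t\t/var/log/ipfilter.log\n'
    printf '*.notice;local0.none\t/var/log/messages\n'
    printf 'local0.debug    /var/log/ipf.log\n'
}

conf=$(mktemp) && sample_conf > "$conf"
facility_actions local0 "$conf"
rm -f "$conf"
```

On the sample, local0 reaches only the two local0 lines, and the security.* line never appears in the output, which is the behaviour the message reports.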