From: Eric F Crist
Date: Sun, 30 Oct 2005 09:22:39 -0600
To: Daniel Molina Wegener
Cc: FreeBSD Questions
Subject: Re: firewall messages to syslogd

On Oct 29, 2005, at 10:32 PM, Daniel Molina Wegener wrote:
>
> Hello,
>
>   How can I add firewall log messages to syslogd, I have
> added the following lines to the syslog.conf:
>
> # router
> +router
> *.*            /var/log/router.log
>
>   Also, syslogd is running with the flag -a with the ip
> address of the firewall -- the mask, and service.
>
>   The computer receives the packets to the 514 port --
> I've used tcpdump to log the packets -- but the messages
> are not logged into the router.log file.

Try the following in your /etc/syslog.conf file, assuming you're using ipfw as your firewall:

#ipfw logging
!ipfw
*.*    /var/log/router.log

Now, perform the following command, assuming you're running FreeBSD 5.x+:

# touch /var/log/router.log && chmod 0600 /var/log/router.log && /etc/rc.d/syslogd restart

Let me know what happens....

-----
Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
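
An added illustration, not part of the message above and not syslogd's own code: a simplified Python model of how FreeBSD's syslog.conf scopes rules with `+host` and `!program` block headers, including the `+*` and `!*` resets that stop later rules from staying confined to a block. The sample configuration and message attributes are constructed, and only single `facility.level` selectors are modelled.

```python
# Simplified model of FreeBSD syslog.conf block scoping (added example).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_rules(conf):
    """Return (program, host, selector, action) tuples; '*' means any."""
    program = host = "*"
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith(("#!", "#+")):   # commented block headers still count
            line = line[1:]
        if not line or line.startswith("#"):
            continue
        if line[0] == "!":                  # program block, active until changed
            program = line[1:].strip() or "*"
        elif line[0] == "+":                # host block, tracked separately
            host = line[1:].strip() or "*"
        else:
            selector, action = line.split(None, 1)
            rules.append((program, host, selector, action.strip()))
    return rules

def selector_matches(selector, facility, level):
    """Single 'facility.level' selector; level means 'this or more severe'."""
    sel_fac, sel_lvl = selector.split(".", 1)
    fac_ok = sel_fac == "*" or facility in sel_fac.split(",")
    lvl_ok = sel_lvl == "*" or LEVELS.index(level) <= LEVELS.index(sel_lvl)
    return fac_ok and lvl_ok

def destinations(rules, host, program, facility, level):
    """List the actions that would receive a message with these attributes."""
    return [action for prog, h, sel, action in rules
            if prog in ("*", program) and h.lower() in ("*", host.lower())
            and selector_matches(sel, facility, level)]

# Constructed sample: both blocks from the thread, each followed by a reset
# so that the general rule at the end applies to every host and program.
SAMPLE_CONF = """\
+router
*.*            /var/log/router.log
+*
!ipfw
*.*            /var/log/router.log
!*
auth.info      /var/log/auth.log
"""
RULES = parse_rules(SAMPLE_CONF)
```

Without the `!*` line, the `auth.info` rule would inherit the `ipfw` program block and match nothing sent by other programs.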