Date: Sun, 03 Apr 2005 01:00:21 +0000
From: as2sb3100@comcast.net
To: freebsd-questions@FreeBSD.ORG
Subject: RE: ipmon logging
Message-ID: <040320050100.28578.424F40250003106600006FA22206999735CFCFCECC0D9CCD9C0E@comcast.net>
I figured it was something like that. I read the man page for newsyslog and, well, not knowing very much about processes and stuff, I just skipped over the pid part. After doing some reading I figured out I had to put in the path to the pid. Now when newsyslog rotates the log file it restarts (or reloads or something) ipmon. RTFM really helps.

> After testing with 5.3 on my workbench box it seems that ipfilter
> has changed between 4.11 and 5.3. The syslog.conf logging statement
> of local0.* /var/log/security is only valid for the
> ipfilter in the 4.x versions of FreeBSD.
> security.* /var/log/security is only valid for the
> ipfilter in the 5.3 version and greater of FreeBSD.
>
> The official handbook is written for 4.11 release. It needs to be
> updated for the 5.3 5.4 releases
>
> -----Original Message-----
> From: as2sb3100@comcast.net [mailto:as2sb3100@comcast.net]
> Sent: Friday, April 01, 2005 3:12 PM
> To: bob@a1poweruser.com
> Subject: RE: ipmon logging
>
> from the FAQ:
> 1. # I have IPMon logging to syslog, but syslog doesn't log
> anything, why not?
>
> IPF logs as local0 so you'll want something to the effect of:
> local0.debug /var/log/ipf.log
> in your syslog.conf. NOTE: There has to be at least one TAB in
> that line, not just spaces.
>
> It doesn't do this though, I think, I could be mistaken. In my rc.conf
> file I have ipmon_flags="Ds" and the line in syslog.conf from above
> (I've also tried local0.* /var/log/ipf.log in syslog.conf) which
> should do what it says above. All this is documented in the
> Handbook. However, ipmon uses the security facility instead of
> local0. This means that whenever something is logged by ipmon, it
> gets logged to /var/log/security. If I change ipmon_flags="Ds" to
> ipmon_flags="D /var/log/ipf.log" it works perfectly. However, when
> newsyslog rotates the file when it gets to 100k, ipmon stops
> logging. When I run nmap I normally get a bunch of stuff logged.
> When newsyslog rotates the file it adds logfile turned over due
> to..., and then nothing gets logged after that. So I know that it
> stops logging after newsyslog rotates the log. I've been reading
> through the newsyslog.conf man page, but I'm not sure what I'm
> looking for.
>
> > There is a new write up of IPF in the official manual that explains
> > in detail how to get ipmon to log to separate file.
> >
> > You have to give more technical details about what you have done.
> >
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of
> > as2sb3100@comcast.net
> > Sent: Friday, April 01, 2005 1:50 PM
> > To: freebsd-questions@freebsd.org
> > Subject: ipmon logging
> >
> > According to every website I've read so far ipmon uses local0 as the
> > facility name. However, on my FreeBSD 5.3-RELEASE-p5 box, it logs
> > to the security facility. The man page (in both 5.2.1 and 5.3) for
> > ipmon, with -s for logging to syslog says, "The default facility
> > when compiled and installed is security". Can anyone explain this?
> > I'd like ipmon to log to a separate file so it doesn't fill up the
> > security log. I've tried having ipmon log directly to a file, and
> > not using syslog, but it stops logging when newsyslog rotates the
> > file. Does anyone have any suggestions on what I could or should
> > do?
> >
> > Eric
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
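Added example, not part of the original message or of FreeBSD: a check for the failure described in the thread, where a firewall log written directly by ipmon goes silent after rotation because the newsyslog.conf entry names no pid file (newsyslog then signals syslogd, not the daemon holding the file open). The sample entries, the path /var/log/ipf-hup.log, the pid file path /var/run/ipmon.pid and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which process does newsyslog signal after rotating a log?

# Print the pid file configured for log path $2 in newsyslog.conf-style
# file $1. Exit status: 0 = pid file present, 1 = entry exists but has no
# pid file, 2 = no entry for that log at all.
rotation_pid_file() {
    awk -v path="$2" '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        $1 == path {
            found = 1
            # Per newsyslog.conf(5) the pid file field must start with "/";
            # no other field after the log name does.
            for (i = 2; i <= NF; i++)
                if (substr($i, 1, 1) == "/") { print $i; ok = 1 }
        }
        END { if (ok) exit 0; exit (found ? 1 : 2) }
    ' "$1"
}

# Constructed sample: the first entry reproduces the problem in the thread,
# the second carries a pid file (path assumed) so the writer gets signalled.
sample_conf() {
    cat <<'EOF'
# logfilename          mode count size when flags [/pid_file]
/var/log/ipf.log       600  5     100  *    J
/var/log/ipf-hup.log   600  5     100  *    J     /var/run/ipmon.pid
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
for logfile in /var/log/ipf.log /var/log/ipf-hup.log; do
    if pid=$(rotation_pid_file "$conf" "$logfile"); then
        echo "$logfile: after rotation newsyslog signals the pid in $pid"
    else
        echo "$logfile: no pid file, the writing daemon keeps the old file open"
    fi
done
rm -f "$conf"
```

Run against the real /etc/newsyslog.conf for every log that a daemon other than syslogd writes directly; a status of 1 marks a log that will stop receiving entries after its first rotation.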