From: "Mobeen Azhar"
To: "Duncan" ,
Subject: RE: logging (from freebsd-questions)
Date: Sat, 22 Apr 2000 10:26:36 -0500
In-Reply-To: <4.2.0.58.20000422083806.00b4dee0@mail.bigpond.com>

You need to have the "log" keyword specified in your ipfw rules in order to
log activities related to that rule.

--Moby

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Duncan
Sent: Friday, April 21, 2000 17:43
To: freebsd-security@FreeBSD.ORG
Subject: RE: logging (from freebsd-questions)

Yes, the only thing I am getting in security is users logging in, su and bad
su etc....

>Fri Apr 21 12:36:30 EDT 2000
>Hi,
>I get my firewall logs in /var/log/security
>Have you looked there?
>Andrew.
>
>
>On Fri, Apr 21, 2000 at 09:03:33PM +1000, Duncan wrote:
>
> Hello
>
> I am having trouble with my logs.
> I have tried various things like adding ' log_in_vain="YES" ' in rc.conf
> (which I read from a post on the security list)
>
> !ipfw
> *.* /var/log/ipfw
>
> but the only information I am getting is stuff like:
>
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 01400 20 1008 deny log tcp from any to any via ppp0 setup
> 65535 602 28986 deny ip from any to any
>
> (from /var/log/ipfw.today) which by itself is useless for me.
> I am trying to set it up so I can see the source address and ports so I at
> least can see more of what's going on.
>
> I have a custom kernel with the ipfirewall and divert for natd and am currently
> running 3.2-release.
> Sorry for not giving more information but I am new to this and not sure
> what else to put.
>
> Any help is much appreciated
> Thank you.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
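
A check that follows from the reply above, as an added example that is not part of the original thread: the shell functions below read an `ipfw show` listing and mark each packet-discarding rule as LOGGED or SILENT, depending on whether `log` follows the action. The sample input is the three counter lines quoted in the thread; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread): audit an `ipfw show` listing for
# dropping rules that lack the "log" keyword.

# Constructed sample input: the three counter lines quoted in the thread.
SAMPLE='00200 0 0 deny ip from any to 127.0.0.0/8
01400 20 1008 deny log tcp from any to any via ppp0 setup
65535 602 28986 deny ip from any to any'

# audit_ipfw_log (hypothetical name): reads lines of the form
#   <rule> <packets> <bytes> <action> [log] <proto> from ... to ...
# on stdin and prints "<rule> <packets> LOGGED|SILENT" for each dropping rule.
audit_ipfw_log() {
    awk '
        # Ignore anything that is not a counter line.
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        # Only rules that discard packets are of interest here.
        $4 != "deny" && $4 != "drop" && $4 != "reject" && $4 != "reset" { next }
        # In ipfw rule syntax "log" comes directly after the action.
        { print $1, $2, ($5 == "log" ? "LOGGED" : "SILENT") }
    '
}

# silent_drops (hypothetical name): rule numbers that have discarded at least
# one packet without being able to write a log entry for it.
silent_drops() {
    audit_ipfw_log | awk '$3 == "SILENT" && $2 > 0 { print $1 }'
}

# Stand-alone run on the sample; on a live host use: ipfw show | audit_ipfw_log
printf '%s\n' "$SAMPLE" | audit_ipfw_log
echo "silent drops: $(printf '%s\n' "$SAMPLE" | silent_drops)"
```

For the thread's listing this reports rule 65535 as the one discarding traffic without logging. On FreeBSD of this era, a `log` rule reaches syslog only when the kernel was built with `options IPFIREWALL_VERBOSE`.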