From: Daniel Molina Wegener
To: Eric F Crist
Cc: FreeBSD Questions
Date: Sun, 30 Oct 2005 17:29:08 -0300
Subject: Re: firewall messages to syslogd
Message-ID: <20051030202908.GA91787@dmw.hopto.org>

On Sun, Oct 30, 2005 at 09:22:39AM -0600, Eric F Crist wrote:
> On Oct 29, 2005, at 10:32 PM, Daniel Molina Wegener wrote:
>
> >Hello,
> >
> >   How can I add firewall log messages to syslogd? I have
> >added the following lines to the syslog.conf:
> >
> ># router
> >+router
> >*.* /var/log/router.log
> >
> >   Also, syslogd is running with the flag -a with the IP
> >address of the firewall -- the mask, and service.
> >
> >   The computer receives the packets on port 514 --
> >I've used tcpdump to log the packets -- but the messages
> >are not logged into the router.log file.
>
> Try the following in your /etc/syslog.conf file, assuming you're
> using ipfw as your firewall:

   No, the problem was while I was trying to retrieve syslog messages
from a firewall.

> #ipfw logging
> !ipfw
> *.* /var/log/router.log

   That's OK, and works well, the problem was with an external
firewall/router sending messages to syslogd, port 514. This
needs the use of +host_name to log messages from the host_name
machine. Well, now it works...

> Now, perform the following command, assuming you're running FreeBSD 5.x+:
>
> # touch /var/log/router.log && chmod 0600 /var/log/router.log && /etc/rc.d/syslogd restart
>
> Let me know what happens....

   Now syslogd is receiving messages from the firewall :)
Thanks...

> -----
> Eric F Crist
> Secure Computing Networks
> http://www.secure-computing.net
>
> [SNIP]

Regards
-- 
 . 0 . | Daniel Molina Wegener
 . . 0 | dmw at unete dot cl
 0 0 0 | FreeBSD Power User
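An added example (not part of the original thread and not syslogd's own code): a simplified Python model of how FreeBSD syslog.conf scopes rule blocks with `+host` and `!prog` lines, showing why the `!ipfw` block never catches messages from an external router while a `+router` block does, and why a later block needs `+*` to stop inheriting the host restriction. The host name `myhost`, the program tag `fw` and the file /var/log/ipfw.log are constructed; selectors are ignored (every rule is treated as `*.*`) and negated or comma-separated specifications are not modelled.

```python
"""Simplified model of syslog.conf block scoping (added example, not syslogd code)."""

def parse(conf):
    """Return a list of (host, prog, target) rules; '*' means 'any'."""
    host, prog, rules = "*", "*", []
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith(("#!", "#+")):     # compatibility spelling of !prog / +host
            line = line[1:]
        if not line or line.startswith("#"):  # blank line or ordinary comment
            continue
        if line.startswith("!"):              # program spec, stays in force until changed
            prog = line[1:].strip()
        elif line.startswith("+"):            # host spec, stays in force until changed
            host = line[1:].strip()
        else:                                 # "selector  target"; selector is ignored here
            _selector, target = line.split(None, 1)
            rules.append((host, prog, target.strip()))
    return rules

def targets(rules, msg_host, msg_prog):
    """Files that a message from msg_host, tagged msg_prog, would be written to."""
    return [t for h, p, t in rules
            if h in ("*", msg_host) and p in ("*", msg_prog)]

# The two fragments quoted in the thread.
ERIC = "#ipfw logging\n!ipfw\n*.* /var/log/router.log\n"
DANIEL = "# router\n+router\n*.* /var/log/router.log\n"

# Constructed: both blocks in one file. Without the "+*" reset, the !ipfw
# block would inherit "+router" and stop matching the local ipfw messages.
COMBINED = """
+router
*.*   /var/log/router.log
+*
!ipfw
*.*   /var/log/ipfw.log
"""

if __name__ == "__main__":
    for name, conf in (("ERIC", ERIC), ("DANIEL", DANIEL), ("COMBINED", COMBINED)):
        rules = parse(conf)
        print(name, "router/fw ->", targets(rules, "router", "fw"),
              "| myhost/ipfw ->", targets(rules, "myhost", "ipfw"))
```

Real syslogd additionally applies the `-a` allowed-peer check before any of this matching, so a datagram from a peer that is not allowed never reaches the rules at all.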