Date: Fri, 15 Sep 2000 16:15:44 -0500 (CDT) From: Mike Meyer <mwm@mired.org> To: "Jeff Vehrs" <JWVEHRS@hewitt.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw log to dmesg??!! not security.log??!! Message-ID: <14786.37248.901508.157471@guru.mired.org> In-Reply-To: <8625695B.00738F41.00@lintng1.hewitt.com> References: <8625695B.00738F41.00@lintng1.hewitt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jeff Vehrs writes: > Hmm... ok. Now, I have another question. Is there a way for me to "redirect" > ipfw messages away to the correct file? It sounds like you're still confused. On the other hand, you're also following common usage. My apologies if that's the case. ipfw doesn't log these deny messages. They come from the kernel firewall facility. ipfw is a command for configuring that facility. Those messaages aren't in the *wrong* file. They aren't in a file at all - they're in the the buffer that the dmesg command prints. That's where *all* kernel messages go, period. That includes the boot messages, informative messages from file systems, error messages from device drivers, etc. Now, you might be able to use syslog to send them to /etc/security.log as well; I don't have the kernel firewall turned on on any boxes at the moment to check on that capability with. Alternatively, you could use a userland firewall facility (/usr/ports/security/tcp_wrapper, for instance) to log these things wherever you want them. <mike > > > > From: Mike Meyer <mwm@mired.org> on 09/15/2000 02:28 PM > > To: Jeff Vehrs/National/Hewitt Associates@Hewitt Associates NA > cc: > Client: > Subject: Re: ipfw log to dmesg??!! not security.log??!! > > > > Jeff Vehrs writes: > > Yes. It is there in /etc/syslog.conf. > > > > However, I just type 'dmesg' and it has all ipfw "deny" messages, no more > > information(such as cdrom, video, etc...) there. What's the heck is going on? > > dmesg displays the system messages buffer. The kernel firewall > facility uses that, just like the boot information you're referring > to. You've apparently got enough ip stuff logged that the buffer has > filled, and the boot information is now gone. > > <mike > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14786.37248.901508.157471>