From owner-freebsd-security Sun Apr 23 11:23:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by hub.freebsd.org (Postfix) with ESMTP id 54C0937B60D
	for ; Sun, 23 Apr 2000 11:23:13 -0700 (PDT)
	(envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id OAA70884;
	Sun, 23 Apr 2000 14:22:33 -0400 (EDT)
	(envelope-from cjc)
Date: Sun, 23 Apr 2000 14:22:33 -0400
From: "Crist J. Clark"
To: Mobeen Azhar
Cc: Duncan , freebsd-security@FreeBSD.ORG
Subject: Re: logging (from freebsd-questions)
Message-ID: <20000423142233.D70371@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <4.2.0.58.20000422083806.00b4dee0@mail.bigpond.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from moby@pcsn.net on Sat, Apr 22, 2000 at 10:26:36AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Apr 22, 2000 at 10:26:36AM -0500, Mobeen Azhar wrote:
> You need to have the "log" keyword specified in your ipfw rules in order to
> log activities related to that rule.

And was the kernel built with,

  options IPFIREWALL_VERBOSE #print information about

And if so, did you set,

  options "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity

To something reasonable for you (100 might be kind of low for people
with any serious uptime).

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Duncan
> Sent: Friday, April 21, 2000 17:43
> To: freebsd-security@FreeBSD.ORG
> Subject: RE: logging (from freebsd-questions)
>
>
> yes the only thing i am getting in security is users logging in,
> su and bad su etc....
>
> >Fri Apr 21 12:36:30 EDT 2000
> >Hi,
> >I get my firewall logs in /var/log/security
> >Have you looked there.
> >Andrew.
> >
> >On Fri, Apr 21, 2000 at 09:03:33PM +1000, Duncan wrote:
> >
> > Hello
> >
> > I am having trouble with my logs.
> > I have tried various things like adding ' log_in_vain="YES" ' in rc.conf
> > (which i read from a post on the security list)
> >
> > !ipfw
> > *.* /var/log/ipfw
> >
> > but the only information i am getting is stuff like :
> >
> > 00200 0 0 deny ip from any to 127.0.0.0/8
> > 01400 20 1008 deny log tcp from any to any via ppp0 setup
> > 65535 602 28986 deny ip from any to any
> >
> > (from /var/log/ipfw.today) which by itself is useless for me.
> > I am trying to set it up so i can see the source address and ports so i at
> > least can see more of what's going on.
> >
> > I have a custom kernel with the ipfirewall and divert for natd and am
> > currently running 3.2-release.
> > sorry for not giving more information but i am new to this and not sure
> > what else to put.
> >
> > Any help is much appreciated
> > Thank you.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message

-- 
Crist J. Clark                           cjclark@home.com
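
As an added example (not part of the thread and not FreeBSD's own code), this shell sketch applies the point made above, that only rules carrying the `log` keyword produce log entries, to a counter listing in the format Duncan posted. The function names and the assumed column layout (rule number, packets, bytes, action) are this example's own.

```shell
#!/bin/sh
# Added example: find ipfw deny rules that drop traffic without logging it.
# Input format assumed from the listing quoted in the thread:
#   <rule number> <packets> <bytes> <action> [log] <rule body...>

# Print "<rule> <packets>" for every deny/drop/reject rule lacking "log".
unlogged_denies() {
    awk '
        # Need at least a rule number, two counters and an action.
        NF < 4 { next }
        # Skip headers or anything else that is not a counter line.
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        # "log" directly follows the action when the rule is logged.
        ($4 == "deny" || $4 == "drop" || $4 == "reject") && $5 != "log" {
            print $1, $2
        }
    '
}

# Sum the packets matched by those rules: drops that never reach syslog.
silent_drop_total() {
    unlogged_denies | awk '{ n += $2 } END { print n + 0 }'
}

# Constructed sample: the three rules from the listing in the thread.
sample_rules() {
    cat <<'EOF'
00200 0 0 deny ip from any to 127.0.0.0/8
01400 20 1008 deny log tcp from any to any via ppp0 setup
65535 602 28986 deny ip from any to any
EOF
}

# Run with --demo to see the result for the sample listing.
if [ "${1:-}" = "--demo" ]; then
    sample_rules | unlogged_denies
    echo "packets dropped without a log entry: $(sample_rules | silent_drop_total)"
fi
```

On a live system the same functions can be fed from `ipfw -a list`; for the listing in the thread they show that the default rule 65535 accounts for all 602 silently dropped packets.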