Date: Tue, 26 Feb 2008 15:01:13 +0000
From: Anton Shterenlikht
To: Mel
Cc: freebsd-questions@freebsd.org
Subject: Re: IPMON log to syslog doesn't work

On Tue, Feb 26, 2008 at 03:42:51PM +0100, Mel wrote:
> On Tuesday 26 February 2008 15:25:37 Anton Shterenlikht wrote:
> > On Tue, Feb 26, 2008 at 03:09:14PM +0100, Mel wrote:
> > > On Tuesday 26 February 2008 14:20:32 Anton Shterenlikht wrote:
> > > > I'm trying to troubleshoot my ipfilter firewall, and I cannot get any
> > > > log data, i.e. /var/log/ipfilter.log is empty.
> > >
> > > Does:
> > > # logger -p security.notice test
> > > put anything in the log?
> >
> > yes:
> >
> > # logger -p security.notice test
> > # cat /var/log/ipfilter.log
> > Feb 26 00:00:00 mech-cluster238 newsyslog[21510]: logfile turned over
> > Feb 26 14:17:07 mech-cluster238 mexas: test
> > # cat /var/log/security
> > Jul 20 10:52:47 newsyslog[463]: logfile first created
> > Feb 26 14:17:07 mech-cluster238 mexas: test
> > #
> >
> > so what does this mean?
>
> That syslog works correctly and it's really ipmon. Are you sure it's running?
> How about ipmon -s (without the -D), does that turn up in syslog?

# ipmon -s&
[1] 23892
# ps ax | grep ipmon
23892 p0 S 0:00.11 ipmon -s
23908 p0 R+ 0:00.00 grep ipmon
#

but the logs are still empty:

# cat /var/log/ipfilter.log
Feb 26 00:00:00 mech-cluster238 newsyslog[21510]: logfile turned over
Feb 26 14:17:07 mech-cluster238 mexas: test
# cat /var/log/security
Jul 20 10:52:47 newsyslog[463]: logfile first created
Feb 26 14:17:07 mech-cluster238 mexas: test
#

however:

# ipmon -D
26/02/2008 14:49:59.202056 3x dc0 @0:1 b 137.222.187.22,1004 -> 255.255.255.255,
1004 PR udp len 20 67 IN broadcast
26/02/2008 14:50:13.064314 2x dc1 @0:1 b 10.10.10.7,520 -> 10.10.10.255,520 PR u
dp len 20 72 IN broadcast
^C
#

Perhaps I should play with other ipmon flags as well?

thanks
anton

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233
Fax: +44 (0)117 929 4423