Date: Fri, 2 Jan 1998 05:08:59 -0500 (EST)
From: David Kott <dakott@alpha.delta.edu>
To: freebsd-questions@freebsd.org
Subject: logging ipfirewall LOG directives through syslogd
Message-ID: <Pine.BSF.3.96.980102045028.1014A-100000@kott.my.domain>

I use the kernel IP firewall and use the "log" directive to alert me
to possibly nefarious network traffic. However, I would like to channel
these messages through the syslog facility. I added some code to the
kernel ip firewall to (apparently) log messages via the syslog()
interface. This is an example of what I added to:
FreeBSD 2.2.5-STABLE #0: Thu Jan 1 20:22:27 EST 1998
src/sys/netinet/ip_fw.c : ipfw_report(yutta, yutta..)
...
openlog("ipfw",LOG_NDELAY,LOG_LOCAL7);
...
/* Print command name */
+ sprintf(buf,"ipfw: %d ", f ? f->fw_number : -1);
- printf("ipfw: %d ", f ? f->fw_number : -1);
if (!f)
+ sprintf(buf,"Refuse");
- printf("Refuse");
else
switch (f->fw_flg & IP_FW_F_COMMAND) {
case IP_FW_F_DENY:
+ sprintf(buf,"Deny");
- printf("Deny");
break;
....
syslog(LOG_INFO,buf);
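Review bot: The openlog() call at the top and the closing syslog(LOG_INFO,buf) are libc routines that are not linked into the kernel, which is what the undefined `_openlog' and `_syslog' symbols at link time report; inside the kernel the logging entry point is log(9), for example log(LOG_INFO, "%s", buf), and its output reaches syslogd through the kernel log device. Whichever call is used, buf should be passed as an argument to a "%s" format rather than as the format string itself, so that a '%' in the assembled text is not interpreted. Each sprintf(buf, ...) in the excerpt also writes at the start of buf, so "Refuse" or "Deny" overwrites the "ipfw: %d " prefix instead of following it; keep a running offset into buf, append at that offset, and check it against the size of buf so the concatenated line cannot overrun it.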
Basically, removing all the kernel printf()'s, and replacing them with a
formatted print to a character string "buf". Then, at the end, when all
those messages have concatenated appropriately into the line that would
normally get dumped on the console (or what have you), I call syslog() and
send it to the syslog daemon. However, when I attempt to compile my new
kernel, I get a message at the end, during the final link:
...
loading kernel
ip_fw.o: Undefined symbol `_openlog' referenced from text segment
ip_fw.o: Undefined symbol `_syslog' referenced from text segment
*** Error code 1
Stop.
The only thing I am sure about is that I should leave kernel programming
to people who do it best.. namely, not myself! In any case, if you have
any insight into what I am trying to do, and can suggest a solution, I
would LOVE to hear from you.
-d
