Date: Sat, 16 Jan 2010 16:41:31 +0000 From: Anton Shterenlikht <mexas@bristol.ac.uk> To: Anton Shterenlikht <mexas@bristol.ac.uk> Cc: freebsd-questions@freebsd.org Subject: SOLVED: Re: syslog - ipmon(8) logs to a wrong log file? Message-ID: <20100116164131.GJ91835@mech-cluster241.men.bris.ac.uk> In-Reply-To: <20100116162337.GI91835@mech-cluster241.men.bris.ac.uk> References: <20100116162337.GI91835@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 16, 2010 at 04:23:37PM +0000, Anton Shterenlikht wrote: > This is on FreeBSD 9.0-CURRENT ia64. > I've ipfilter built into the kernel, > with logging enabled: > > options IPFILTER > options IPFILTER_DEFAULT_BLOCK > options IPFILTER_LOG > > It works fine, but logs to a wrong file. > > > I run ipmon with -Ds options: > > # ps ax|grep ipmon > 740 ?? Ss 1:28.09 /sbin/ipmon -Ds > # > > "D" is for deamon mode, and "s" is to log via syslog. > According to ipmon(8): > > The default facility when compiled and installed is security. > > So I've in /etc/syslog.conf: > > security.* /var/log/ipfilter.log > > but I get all ipmon messages in /var/log/messages. > According to my /etc/syslog.conf this file shouldn't > have ipmon messages: > > *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages It seems that despite using option "s" facility is still local0. So adding local0.* /var/log/ipfilter.log to /etc/syslog.conf puts all ipmon logs to /var/log/ipfilter.log -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100116164131.GJ91835>