Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Jan 2002 16:41:21 +0100
From:      Mark Rowlands <fuc952d@tninet.se>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipmon stopped logging.
Message-ID:  <20020116154127.0426237B416@hub.freebsd.org>
In-Reply-To: <20020116145906.4CF3637B404@hub.freebsd.org>
References:  <20020116145906.4CF3637B404@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wednesday 16 January 2002 3:59 pm, Mark Rowlands wrote:
> been running ipmon / ipfilter for a while quite happily when.....one fine
> day it stopped logging.
>
> kernel options
>
> options         IPFILTER                #ipfilter support
> options         IPFILTER_LOG            #ipfilter logging
> options         IPFILTER_DEFAULT_BLOCK
>
> dmesg
> IP Filter: v3.4.20 initialized.  Default = block all, Logging = enabled
>
> some sample ipfilter rules from ipfstat
>
> @7 block in log quick on xl1 proto tcp from any to any flags FPU/FSRPAUC
> @8 block in log quick on xl1 from any to any with frag
> @9 block in log quick on xl1 from any to 224.0.0.0/3
> @10 block in log quick on xl1 from 169.254.0.0/16 to any
> @11 block in log quick on xl1 from 192.168.0.0/16 to any
> @12 block in log quick on xl1 from 10.0.0.0/8 to any
> @13 block in log quick on xl1 from any to 62.5.39.0/32
> @14 block in log quick on xl1 from any to 62.5.39.255/32
> @15 block in log quick on xl1 from any to 255.255.255.0/24
> @16 block return-rst in log quick on xl1 proto tcp from any to any
>
> (this is not my normal config,  I added the logging on these rules to
> ensure that there would definitely be something to log)
>
> syslog.conf
>
> local0.*        -/var/log/firewall_logs

thats why......  

should be local0.*    /var/log/firewall_logs

don't know where the - came from though

> ls -al /var/log/fire*
> -rw-r--r--   1 root      wheel        0 Jan 16 12:48 firewall_logs
>
> and ipmon runs as ipmon -Dsv
>
> uname :-
> FreeBSD pcmarpxy 4.5-RC FreeBSD 4.5-RC #0: Tue Jan 15 21:51:55 CET 2002
>
> This was working quite happily and no, I can' t  specifically remember
> changing anything that might stop it from working.
>
> Any suggestions as where the problem might lie?

-- 
Please do not look directly into laser with remaining eye.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116154127.0426237B416>