Date:      Thu, 14 Dec 2000 20:58:54 +0100
From:      Gerhard Sittig <Gerhard.Sittig@gmx.net>
To:        freebsd-security@freebsd.org
Subject:   Re: Extended ipfw Logging
Message-ID:  <20001214205854.J253@speedy.gsinet>
In-Reply-To: <20001214003219.K96105@149.211.6.64.reflexcom.com>; from cjclark@reflexnet.net on Thu, Dec 14, 2000 at 12:32:19AM -0800
References:  <20001214003219.K96105@149.211.6.64.reflexcom.com>

On Thu, Dec 14, 2000 at 00:32 -0800, Crist J. Clark wrote:
> 
> INTRODUCTION
> 
> I wanted to add some detail to the ipfw logging. Specifically,
> I wanted TCP flags. However, once I started coding, I decided
> why not toss just about every field of interest in. I have
> attached patches.
> 
> 
> WHAT THE PATCHES DO
> 
> There are new fields for all packets. Data from the IP header,
> the IP ID, TTL, and extra fragmentation information is printed
> for all types of datagrams. TCP packets include additional
> information on sequence number, acknowledgement number, and
> flags.

Why not have the "verbosity" written in the matching rule?  One
surely doesn't want to bloat *all* logged entries (not even log
all denials, and maybe log some accepted packets too).  Expand
the filter description for the log verbosity level and reference
this field when the match is meant to log something.

I'm not saying that ipf(4) is the cure for everything.  But
looking at "man 5 ipf" here's what I really like about it and you
might, too:

log  = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .

Although the above "loglevel" is different from your verbosity
idea (it's a syslog facility.level pair) you might want to have
the best of both worlds in ipfw(4) and code syslog levels as well
as your verbosity controlling what packet characteristics to
print out and where to do so? :)


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.

