Date: Tue, 22 Dec 1998 16:07:02 +1300 (NZDT)
From: Andrew McNaughton <andrew@squiz.co.nz>
To: Karl Pielorz <kpielorz@tdx.co.uk>
Cc: Jeremy Shaffner <jer@jorsm.com>, isp@FreeBSD.ORG
Subject: Re: Alternate ipfw log file (Re: IPFW, logging and Syslog)
Message-ID: <Pine.BSF.4.05.9812221503550.23019-100000@aniwa.sky>
In-Reply-To: <367EF82A.C28ADE64@tdx.co.uk>

On Tue, 22 Dec 1998, Karl Pielorz wrote:

> Jeremy Shaffner wrote:
> >
> > While we're on the subject of IPFW logging, how do you get ipfw to log to
> > a file other than messages?
> >
> > -Jeremy
>
> Good question... I guess /etc/syslog.conf, but as to exactly what to put in
> there, I don't know... A lot of our machines run with "*.* /var/log/messages"
> - I'll see if I can find out while I'm looking at Syslog...

It's in the example in "man syslog.conf".

    !ipfw
    *.*     /var/log/ipfw

> I'd guess the IPFW.'message repeated' hack is going to be nasty(ish) as no one
> else seems interested...

There's a good reason for this behaviour - it helps to stop DOS due to your
disk being filled. IPFW does have its own mechanism for this of course.

It's pretty trivial to filter your logs to expand out those 'message
repeated' messages. You lose a little bit of detail in your time stamps, but
it might give you what you need in order to run it through some other
processing stage.

    #!/usr/local/bin/perl
    $|=1;                       # unbuffered output
    while (<>) {
      # 15-character timestamp, hostname, then syslogd's repeat notice
      if (/^.{15} \w+ last message repeated (\d+) times$/ ) {
        for (1..$1) {print $last}   # replay the previous real line
      } else {
        $last = $_;
        print;
      }
    }

The alternative would be to hack /usr/src/usr.sbin/syslogd/syslogd.c and
modify the condition found at line 698 (in my 2.2.7-RELEASE source). You
could either just disable the conditional, disable if a command line flag is
set, or disable if (strcmp(prog, "ipfw") == 0). Depends exactly what you're
trying to accomplish.

Andrew McNaughton
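
Added example, not part of the original message: a Python version of the same expansion filter that caps how many copies one repeat notice may produce, since the message notes that syslogd compresses repeats to keep the disk from filling. The max_copies parameter, the "expansion capped" marker line and the sample log lines are assumptions made for this example.

```python
import re
import sys

# Same layout the message's regex expects: 15-character timestamp,
# hostname, then syslogd's repeat notice. \S+ also accepts hostnames
# containing '-' or '.', and "time" is accepted as well as "times".
REPEAT = re.compile(r"^(.{15}) (\S+) last message repeated (\d+) times?$")


def expand(lines, max_copies=1000):
    """Yield log lines with each repeat notice replaced by copies of the
    preceding real line, at most max_copies per notice (hypothetical cap)."""
    last = None
    for raw in lines:
        line = raw.rstrip("\n")
        m = REPEAT.match(line)
        if m is None:
            last = line          # remember the most recent real message
            yield line
            continue
        if last is None:
            # Notice with nothing before it (e.g. start of a rotated
            # file): there is no line to replay, so pass it through.
            yield line
            continue
        stamp, host, count = m.group(1), m.group(2), int(m.group(3))
        copies = min(count, max_copies)
        for _ in range(copies):
            # Copies keep the first occurrence's timestamp, which is the
            # loss of timestamp detail the message mentions.
            yield last
        if copies < count:
            # Constructed marker so the omitted events stay countable.
            yield f"{stamp} {host} expansion capped: {count - copies} of {count} copies omitted"


# Constructed sample input (documentation addresses, made-up host name).
SAMPLE = [
    "Dec 22 15:01:10 fw-1 /kernel: ipfw: 1000 Deny TCP 192.0.2.7:1042 198.51.100.5:23 in via ed0",
    "Dec 22 15:01:40 fw-1 last message repeated 3 times",
    "Dec 22 15:03:40 fw-1 last message repeated 5 times",
    "Dec 22 15:04:02 fw-1 /kernel: ipfw: 1000 Deny UDP 192.0.2.9:53 198.51.100.5:1030 in via ed0",
]

if __name__ == "__main__":
    # Use as a filter: expand.py < /var/log/ipfw
    for out_line in expand(sys.stdin):
        print(out_line)
```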