From: Anton Shterenlikht
To: freebsd-questions@freebsd.org
Date: Tue, 26 Feb 2008 13:20:32 +0000
Subject: IPMON log to syslog doesn't work
Message-ID: <20080226132032.GA86468@mech-aslap33.men.bris.ac.uk>

Hello,

I'm trying to troubleshoot my ipfilter firewall, and I cannot get
any log data, i.e. /var/log/ipfilter.log is empty.

I have in my kernel:

    options IPFILTER
    options IPFILTER_LOG
    options IPFILTER_DEFAULT_BLOCK

in /etc/rc.conf:

    ipfilter_enable="YES"             # Start ipf firewall
    ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file
    ipmon_enable="YES"                # Start IP monitor log
    ipmon_flags="-Ds"                 # D = start as daemon
    gateway_enable="YES"              # Enable as LAN gateway
    ipnat_enable="YES"                # Start ipnat function
    ipnat_rules="/etc/ipnat.rules"    # rules definition file for ipnat

in /etc/syslogd.conf:

    security.*      /var/log/security
    security.*      /var/log/ipfilter.log

in /etc/newsyslog.conf:

    /var/log/security       600  10  100  *  JC
    /var/log/ipfilter.log   640  10  100  *  C

in /etc/ipf.rules:

    pass in log on dc0 proto udp from any to any port = 123 keep state
    pass out log on dc0 proto udp from any to any port = 123 keep state

plus many other log requests.

I can run ipmon interactively and see some output, e.g.:

    # ipmon
    26/02/2008 13:09:45.045875 dc0 @0:20 b 137.222.187.86,137 -> 137.222.187.255,137 PR udp len 20 78 IN broadcast
    26/02/2008 13:09:57.454559 dc0 @0:20 b 137.222.187.90,137 -> 137.222.187.255,137 PR udp len 20 78 IN broadcast
    26/02/2008 13:10:34.105816 3x dc0 @0:20 b 137.222.187.115,137 -> 137.222.187.255,137 PR udp len 20 78 IN broadcast
    26/02/2008 13:10:36.451501 dc0 @0:21 b 137.222.187.162,138 -> 137.222.187.255,138 PR udp len 20 229 IN broadcast
    26/02/2008 13:10:49.132426 dc0 @0:21 b 137.222.187.86,138 -> 137.222.187.255,138 PR udp len 20 229 IN broadcast
    #

but nothing ever appears in the logs:

    # cat /var/log/security
    Jul 20 10:52:47 newsyslog[463]: logfile first created
    # cat /var/log/ipfilter.log
    Feb 26 00:00:00 mech-cluster238 newsyslog[21510]: logfile turned over
    mech-cluster238#

What am I missing?

many thanks
anton

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233
Fax: +44 (0)117 929 4423
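
An added example, not part of the original message: a small parser for the interactive ipmon output quoted in the message, which splits each line into fields and totals packets per rule, action and destination port. The names `parse_line`, `summarize` and `SAMPLE` are hypothetical; the action letters follow ipmon(8).

```python
import re
from collections import Counter

# Action letters as documented in ipmon(8).
ACTIONS = {"p": "pass", "b": "block", "S": "short", "n": "nomatch", "L": "log"}

LINE_RE = re.compile(
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?:(?P<count>\d+)x )?"                      # repeat count, e.g. "3x"
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>[pbSnL]) "
    r"(?P<src>[^, ]+)(?:,(?P<sport>\S+))? -> "
    r"(?P<dst>[^, ]+)(?:,(?P<dport>\S+))? "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict of fields for one ipmon line, or None if it does not match."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest").split()
    rec["count"] = int(rec["count"] or 1)          # no "Nx" prefix means one packet
    rec["action"] = ACTIONS[rec["action"]]
    rec["rule"] = "@{}:{}".format(rec.pop("group"), rec["rule"])
    rec["direction"] = next((t for t in rest if t in ("IN", "OUT")), None)
    # For TCP, ipmon prints the flags as a field starting with a hyphen.
    rec["tcp_flags"] = next((t[1:] for t in rest if t.startswith("-")), None)
    return rec

def summarize(lines):
    """Count packets per (rule, action, destination port), honouring 'Nx'."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[(rec["rule"], rec["action"], rec["dport"])] += rec["count"]
    return totals

# The five lines from the message, with the terminal line wraps rejoined.
SAMPLE = [
    "26/02/2008 13:09:45.045875 dc0 @0:20 b 137.222.187.86,137 -> 137.222.187.255,137 PR udp len 20 78 IN broadcast",
    "26/02/2008 13:09:57.454559 dc0 @0:20 b 137.222.187.90,137 -> 137.222.187.255,137 PR udp len 20 78 IN broadcast",
    "26/02/2008 13:10:34.105816 3x dc0 @0:20 b 137.222.187.115,137 -> 137.222.187.255,137 PR udp len 20 78 IN broadcast",
    "26/02/2008 13:10:36.451501 dc0 @0:21 b 137.222.187.162,138 -> 137.222.187.255,138 PR udp len 20 229 IN broadcast",
    "26/02/2008 13:10:49.132426 dc0 @0:21 b 137.222.187.86,138 -> 137.222.187.255,138 PR udp len 20 229 IN broadcast",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```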