Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Sep 2004 08:09:02 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Eric F Crist <ecrist@grog.secure-computing.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW logging...
Message-ID:  <20040921070902.GA76127@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040920222503.E23065@grog.secure-computing.net>
References:  <20040920222503.E23065@grog.secure-computing.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 20, 2004 at 10:27:22PM -0500, Eric F Crist wrote:

> IPFW used to log all entries with the 'log' included in the rule, but=20
> randomely, to me, anyways, stopped doing so.  I can't seem to get it to=
=20
> continue logging.
>=20
> Does anyone have any insight?  I'm running FreeBSD 4.10 from about 2=20
> months ago.  I'm going to cvsup tonight to see if it helps.  what log=20
> files can I check to verify things are working?  Thanks.

Are you just running into the verbose limit on log messages? That's
the setting of the net.inet.ip.fw.verbose_limit sysctl.  That exists
to prevent anyone DOS-ing you by sending so many nasty packets that
the log files fill up your disk.

I find setting this to a fairly high number (1024) and doing a daily
reset of the counters keeps the logging data coming through more or
less smoothly. I put this in /etc/daily.local:

    #!/bin/sh
   =20
    PATH=3D/usr/bin:/bin:/sbin ; export PATH
   =20
    ipfw resetlog
   =20
    #
    # That's All Folks!
    #

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBT9OOiD657aJF7eIRAnagAKCrdNFojuQ9i976tee1ulGnRJ/xHgCeIaQe
BdfxBUd04SzY1Fo4o5C8cv8=
=BtTA
-----END PGP SIGNATURE-----

--qMm9M+Fa2AknHoGS--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040921070902.GA76127>