Date:      Tue, 15 Oct 2002 13:06:04 -0500
From:      "Maildrop" <maildrop@qwest.net>
To:        "Roman V. Mashak" <mrv@tv2.tomsk.ru>, freebsd-questions@FreeBSD.ORG
Subject:   RE: monitor ALL connections to ALL ports
Message-ID:  <NGBBIILBAKIFGHHCHOHPIECMFKAA.maildrop@qwest.net>
In-Reply-To: <20021015023521.GB19297@mrv.tusur.ru>


This is what I currently have.

/dev/ad0s3e   1.2G   912M   175M    84%    /var/log

I got a 30 count of sys rotates at every 10 megs (newsyslog.conf), except for
httpd* logs, I just leave them untouched for stat info and clean by hand,
right now they are only 115 megs.

Jack

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Roman V. Mashak
> Sent: Monday, October 14, 2002 9:35 PM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Re: monitor ALL connections to ALL ports
>
>
> On Mon, Oct 14, 2002 at 11:42:25PM +0100, Matthew Seaman wrote:
> > > I want to log all connections, regardless if they failed or
> > > succeeded, regardless if they have a daemon running on that port or
> > > not.
>
> > The only way I can think of to achieve what you want -- logging every
> > packet received by your machine -- is to use ipfw(8) and add the 'log'
> > keyword to all appropriate rules.  You'll need to have a lot of space
> > in /var and bump up the net.inet.ip.fw.verbose_limit sysctl to some
> 	Could you describe some methods of counting /var-partition size
> for saving there:
> 1) 'maillog' data
> 2) 'ipfw' logs.
>
> 	Thanks in advance.
> > huge limit and run 'ipfw resetlog' at regular intervals (or ipfw(8)
> [skip]
>
> --
> Best regards, Roman
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
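
A sizing sketch for the /var question quoted above, added here as an example and not part of either poster's message: it reads newsyslog.conf-style entries and computes the upper bound of disk space that size-based rotation will retain. The sample entries, their paths and the 10240 KB trigger are constructed assumptions.

```python
# Added example: upper bound on disk retained by newsyslog size-based rotation.
# Entry layout: logfile [owner:group] mode count size when [flags ...]
# SAMPLE_CONF is constructed for illustration, not taken from the thread.
SAMPLE_CONF = """\
# logfilename              [owner:group] mode count size  when flags
/var/log/security                        600  30    10240 *    Z
/var/log/maillog                         640  30    10240 *    Z
/var/log/httpd-access.log  www:www       644  7     *     @T00 Z
"""


def parse_entries(text):
    """Yield (path, count, size_kb or None) for each rotation entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # The optional owner:group field sits between the path and the octal mode.
        if len(fields) > 1 and not fields[1].isdigit():
            del fields[1]
        if len(fields) < 5:
            raise ValueError(f"short entry: {raw!r}")
        path, _mode, count, size = fields[:4]
        yield path, int(count), None if size == "*" else int(size)


def worst_case_kb(count, size_kb):
    """Live file at the size trigger plus `count` archives, all uncompressed."""
    if size_kb is None:
        return None  # rotated on time only: no bound can be derived from the entry
    return (count + 1) * size_kb


def budget(text):
    """Return (per-log KB map, total KB of bounded logs, list of unbounded logs)."""
    per_log = {p: worst_case_kb(c, s) for p, c, s in parse_entries(text)}
    unbounded = [p for p, kb in per_log.items() if kb is None]
    total = sum(kb for kb in per_log.values() if kb is not None)
    return per_log, total, unbounded


if __name__ == "__main__":
    per_log, total, unbounded = budget(SAMPLE_CONF)
    for path, kb in per_log.items():
        label = "unbounded" if kb is None else f"{kb / 1024:.0f} MB"
        print(f"{path:28} {label}")
    print(f"bounded total: {total / 1024:.0f} MB; size by hand: {unbounded}")
```

The figure is an estimate: newsyslog only checks sizes when it runs, so a busy log can overshoot its trigger between runs, and logs rotated on time alone have to be sized from observed growth.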

