Message-Id: <200210012202.g91M2L90017541@dweimer.org>
Date: Tue, 1 Oct 2002 22:02:21 -0000
Subject: ipmon syslogd problems
From: "Dean E. Weimer"
Reply-To: dweimer@dweimer.org
Sender: owner-freebsd-questions@FreeBSD.ORG

I have ipfilter set up and running fine, but I have been finding that my security logs show up in both my security and messages log files. ipmon is running with the command "ipmon -oI -s -D" and my syslog.conf file has the following relevant configuration.

..
local0.*                                          /var/log/security
security.*                                        /var/log/security
*.notice;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
..

I am only logging blocked and short packets, which according to "man ipmon" should do the following.

..
-s   Packet information read in will be sent through syslogd rather than
     saved to a file. The default facility when compiled and installed is
     local0. The following levels are used:

     LOG_INFO - packets logged using the "log" keyword as the action
     rather than pass or block.
     LOG_NOTICE - packets logged which are also passed
     LOG_WARNING - packets logged which are also blocked
     LOG_ERR - packets which have been logged and which can be
     considered "short".
..

There is nothing in my syslog.conf that is pointing *.warning or *.err to messages. Does anyone have any ideas as to why this is happening?? Please copy me with any replies.

--
Thanks,
     Dean E. Weimer
     dweimer@dweimer.org
     http://www.dweimer.org/
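
Added example, not part of the original message and not syslogd's own code: a small model of how syslog.conf selectors are evaluated, run over the three rules quoted above. It assumes the standard syslog.conf semantics that a bare level selects that level and every more severe one; the function names are made up for the illustration.

```python
# Added illustration: a model of syslog.conf selector matching (not syslogd code).
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# The syslog.conf lines quoted in the message.
SYSLOG_CONF = """\
local0.*    /var/log/security
security.*  /var/log/security
*.notice;kern.debug;lpr.info;mail.crit;news.err  /var/log/messages
"""

# Levels ipmon -s uses, per the man page text quoted in the message.
IPMON_LEVELS = {"log keyword": "info", "passed": "notice",
                "blocked": "warning", "short": "err"}

def selects(selectors, facility, level):
    """True if a message at facility.level is selected by one rule."""
    table = {}  # facility -> (mode, numeric limit), or None for "none"
    for sel in selectors.split(";"):
        facs, lvl = sel.rsplit(".", 1)
        if lvl == "none":
            setting = None
        elif lvl == "*":
            setting = (">=", SEVERITY["debug"])
        elif lvl.startswith("="):
            setting = ("=", SEVERITY[lvl[1:]])
        else:  # bare level: that level and everything more severe
            setting = (">=", SEVERITY[lvl])
        for fac in facs.split(","):
            if fac == "*":
                table = {"*": setting}  # resets every facility
            else:
                table[fac] = setting    # later selectors override earlier
    setting = table.get(facility, table.get("*"))
    if setting is None:
        return False
    mode, limit = setting
    sev = SEVERITY[level]  # lower number = more severe
    return sev == limit if mode == "=" else sev <= limit

def destinations(facility, level, conf=SYSLOG_CONF):
    """Every log file that receives a facility.level message."""
    rules = (line.split(None, 1) for line in conf.splitlines() if line.strip())
    return [action.strip() for sels, action in rules if selects(sels, facility, level)]

if __name__ == "__main__":
    for kind, level in IPMON_LEVELS.items():
        print(f"{kind:12} local0.{level:8} -> {destinations('local0', level)}")
```

Passing a conf whose messages rule also carries local0.none to destinations() shows the effect of excluding that facility from the rule.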