Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 1 Oct 2002 22:02:21 -0000
From:      "Dean E. Weimer" <dweimer@dweimer.org>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   ipmon syslogd problems
Message-ID:  <200210012202.g91M2L90017541@dweimer.org>

next in thread | raw e-mail | index | archive | help
I have ipfilter set up and running fine, but I have been finding that my 
security logs show up in both my security and messages log files.  ipmon is 
running with the command "ipmon -oI -s -D" and my syslog.conf file has the 
following relevant configuration.
..
local0.*                                        /var/log/security
security.*                                      /var/log/security
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
..
I am only logging blocked and short packets, which according to "man ipmon" 
should do the following.
..
-s     Packet  information  read  in  will be sent through
	       syslogd rather than saved to a file.   The  default
	       facility	when  compiled	and  installed is local0.
	       The following levels are used:

	       LOG_INFO - packets logged using the  "log"  keyword
	       as the action rather than pass or block.

	       LOG_NOTICE - packets logged which are also passed

	       LOG_WARNING - packets logged which are also blocked

	       LOG_ERR - packets which have been logged and  which
	       can be considered "short".
..
There is nothing in my syslog.conf that is pointing *.warning or *.err to 
messages.
Does anyone have any ideas as to why this is happening??

Please Copy me with any replies.
-- 
Thanks,
  Dean E. Weimer
  dweimer@dweimer.org
  http://www.dweimer.org/




________________________________________________________________

This message was sent from dweimer.org using TWIG
  - The Web Information Gateway.
  - For more information visit http://www.dweimer.org/
  - To Report Abuse Contact dweimer@dweimer.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210012202.g91M2L90017541>