Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 14 May 2005 09:00:12 -0400
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "Per Berger" <freebsd@stortsett.se>, "FreeBSD questions" <freebsd-questions@freebsd.org>
Subject:   RE: ipfilter and logging...
Message-ID:  <MIEPLLIBMLEEABPDBIEGAENDHEAA.fbsd_user@a1poweruser.com>
In-Reply-To: <4285EEDF.4070902@stortsett.se>
next in thread | previous in thread | raw e-mail | index | archive | help 

add  security.none  to the line for /var/log/messages file to stop
ipfilter from logging to that file.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Per Berger
Sent: Saturday, May 14, 2005 8:28 AM
To: FreeBSD questions
Subject: ipfilter and logging...


Hi!

So I've installed ipfilter and ipnat with help from the handbook. It
works great so now my box is connected to my ADSL connection.

But... (there is always a but...)

I am confused regarding logging. The handbook says that I can add
"security.*" in syslog.conf and specify a logfile to log the
firewall.
But there is already an entry in syslog.conf "security.*" from
install (
I am running 5.4-RELEASE upgraded from 5.3 via cvsup (which worked
great
btw...)) pointing at /var/log/security. And all logging goes to
/var/log/security. But at least some of it goes also to
/var/log/messages; seems to be the "final" rules that goes there,
i.e.
such as "block in log first quick on fxp0 all".

My syslog.conf looks like this:

"
...
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages
security.*                                      /var/log/security
...
"

(sorry for truncation, hope you get the picture...)

Now for my question. I do really want a separate log file for
ipfilter.
How would a change syslog.conf to separate out the ipfilter logs
from
the rest without breaking any other logging? Or, at least, how do I
change the line for /var/log/messages so that no ipfilter stuff goes
there without breaking something else?

Sorry if this is obvious stuff but I've searched for the answer but
is
only getting more confused the more I search...


--
Per Berger

_
                                               ASCII ribbon campaign
( )
                                          - against HTML, vCards and
X
                                 - proprietary attachments in e-mail
/ \
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGAENDHEAA.fbsd_user>