Very Computer

Have recently recompiled my FreeBSD 4.3 kernel to support IPFilter.
Being used to OpenBSD systems where the IPFilter log appears in
/var/log/ipf I looked there, but there is no log.

Do I have to manually tell IPFilter to create a log file?

--

Rickard

                                              .--.        .--.
 .-------------------------------------.      |  |        |  | .-.
 |          Rickard Borgm?ster         |      |  |        |  |/  /

 |     http://www.sub.nu/~doktorn/     |   (  o  | ( () ) |  |\  \
 `-------------------------------------'   `-----'  `--'  `--' `--'

No, but you will have to tell syslog where to place logs
from local0

Then YOU will have to HUP syslogd AND create the file.

/etc/syslog.conf :
local0.info                                             /var/log/ipflog

--
Peter H?kanson        
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
           Remove "icke-reklam"and "invalid"  and it works.

This didn't seem to help :-/

Exactly what is local0? Why should I use this? Is there any man pages or
something when I can find out about these log sources?

--

Rickard

                                               .--.        .--.
.----------------------------------------.     |  |        |  | .-.
|           Rickard Borgm?ster           |     |  |        |  |/  /

|         http://doktorn.sub.nu/         |  (  o  | ( () ) |  |\  \
`----------------------------------------'  `-----'  `--'  `--' `--'

:>

:> > Have recently recompiled my FreeBSD 4.3 kernel to support IPFilter.
:> > Being used to OpenBSD systems where the IPFilter log appears in
:> > /var/log/ipf I looked there, but there is no log.
:>
:> > Do I have to manually tell IPFilter to create a log file?

        Not IPF directly, but yes. -Even in OpenBSD, IPF doesn't do the
        logging itself.  Make sure ipmon is enabled in your rc.conf:

                ipmon_enable="YES"

        Perhaps with something as well like this as well:

                ipmon_flags="-D /var/log/ipf"

:> No, but you will have to tell syslog where to place logs
:> from local0
:>
:> Then YOU will have to HUP syslogd AND create the file.
:>
:> /etc/syslog.conf :
:> local0.info                                             /var/log/ipflog
:
: This didn't seem to help :-/
:
: Exactly what is local0? Why should I use this? Is there any man pages or
: something when I can find out about these log sources?

        The syslog stuff is only needed if you use -s for ipmon, although it
        can be better using syslog as you can configure it in more detail as
        well as use newsyslog to rotate your logs, or log to a remote
        machine.

        For more info, see `man 8 ipmon'.

--

BSD:  A psychoactive drug, popular in the 80s, probably developed at UC
Berkeley or thereabouts.  Similar in many ways to the prescription-only
medication called "System V", but infinitely more useful. (Or, at least,
more fun.)  The full chemical name is "Berkeley Standard Distribution".

Hi!

If you log with syslogd, you have to create an empty file manualy.

Regards
Jrgen

Quote:> Have recently recompiled my FreeBSD 4.3 kernel to support IPFilter.
> Being used to OpenBSD systems where the IPFilter log appears in
> /var/log/ipf I looked there, but there is no log.

> Do I have to manually tell IPFilter to create a log file?

man syslog is a starting point.

local[0-7] is 8 userd-defined categories that may be used with syslog.

--
Peter H?kanson        
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
           Remove "icke-reklam"and "invalid"  and it works.

So now I've added local0.info to syslog.conf, just as stated above. I've
also started ipmon with -D -s but still, no logging :-( Even tried local0.*
in syslog but no difference. What am I missing?

--

Rickard

                                              .--.        .--.
 .-------------------------------------.      |  |        |  | .-.
 |          Rickard Borgm?ster         |      |  |        |  |/  /

 |     http://www.sub.nu/~doktorn/     |   (  o  | ( () ) |  |\  \
 `-------------------------------------'   `-----'  `--'  `--' `--'

:> > Have recently recompiled my FreeBSD 4.3 kernel to support IPFilter.
:> > Being used to OpenBSD systems where the IPFilter log appears in
:> > /var/log/ipf I looked there, but there is no log.
:>
:> > Do I have to manually tell IPFilter to create a log file?
:> No, but you will have to tell syslog where to place logs from local0
:>
:> Then YOU will have to HUP syslogd AND create the file.
:>
:> /etc/syslog.conf :
:> local0.info                                             /var/log/ipflog
:
: So now I've added local0.info to syslog.conf, just as stated above. I've
: also started ipmon with -D -s but still, no logging :-( Even tried
: local0.* in syslog but no difference. What am I missing?

        Not sure, but if it helps here's my syslog.conf.  In this setup,
        ipmon messages go to /var/log/messages.  What does what I can't
        exactly say...I crafted this from a firewall guide some time back as
        while I'm fluent with many things, the workings of syslog isn't one
        of them.  HTH

        auth.*                                          /var/log/authlog
        *.err;kern.debug;auth.notice;mail.crit          /dev/console
        *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
        security.*                                      /var/log/security
        mail.info                                       /var/log/maillog
        lpr.info                                        /var/log/lpd-errs
        cron.*                                          /var/log/cron
        *.err                                           root
        *.notice;news.err;local0.none                   root
        *.alert                                         root
        *.emerg                                         *

--

BSD:  A psychoactive drug, popular in the 80s, probably developed at UC
Berkeley or thereabouts.  Similar in many ways to the prescription-only
medication called "System V", but infinitely more useful. (Or, at least,
more fun.)  The full chemical name is "Berkeley Standard Distribution".

Quote:

> Not sure, but if it helps here's my syslog.conf.  In this setup,
> ipmon messages go to /var/log/messages.  What does what I can't
> exactly say...I crafted this from a firewall guide some time back as
> while I'm fluent with many things, the workings of syslog isn't one
> of them.  HTH

> auth.*                                          /var/log/authlog
> *.err;kern.debug;auth.notice;mail.crit          /dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> security.*                                      /var/log/security
> mail.info                                       /var/log/maillog
> lpr.info                                        /var/log/lpd-errs
> cron.*                                          /var/log/cron
> *.err                                           root
> *.notice;news.err;local0.none                   root
> *.alert                                         root
> *.emerg                                         *

This is weird. I can't see here that local0* is mentioned in the line that
logs to /var/log/messages. But I'll give it i try.

--

Rickard

                                              .--.        .--.
 .-------------------------------------.      |  |        |  | .-.
 |          Rickard Borgm?ster         |      |  |        |  |/  /

 |     http://www.sub.nu/~doktorn/     |   (  o  | ( () ) |  |\  \
 `-------------------------------------'   `-----'  `--'  `--' `--'

These are the settings I have been using for a while and it seems to do the
job:

/etc/syslog.conf:
local0.*                                        /var/log/firewall_logs

/etc/newsyslog.conf:
/var/log/firewall_logs                  644  3     100  *     Z

/etc/rc.conf:
ipfilter_enable="YES"
ipmon_enable="YES"
ipmon_flags="-Dsv"
ipnat_enable="YES"

I hope this will work for you!

Regards,
Magnus

:>
:> Not sure, but if it helps here's my syslog.conf.  In this setup,
:> ipmon messages go to /var/log/messages.  What does what I can't
:> exactly say...I crafted this from a firewall guide some time back as
:> while I'm fluent with many things, the workings of syslog isn't one
:> of them.  HTH
:>
:> auth.*                                          /var/log/authlog
:> *.err;kern.debug;auth.notice;mail.crit          /dev/console
:> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
:> security.*                                      /var/log/security
:> mail.info                                       /var/log/maillog
:> lpr.info                                        /var/log/lpd-errs
:> cron.*                                          /var/log/cron
:> *.err                                           root
:> *.notice;news.err;local0.none                   root
:> *.alert                                         root
:> *.emerg                                         *
:
: This is weird. I can't see here that local0* is mentioned in the line that
: logs to /var/log/messages. But I'll give it i try.

        That's what I thought too, but then as I've said syslog is not one
        of the black arts which I practice. :-)

--

BSD:  A psychoactive drug, popular in the 80s, probably developed at UC
Berkeley or thereabouts.  Similar in many ways to the prescription-only
medication called "System V", but infinitely more useful. (Or, at least,
more fun.)  The full chemical name is "Berkeley Standard Distribution".