
ipmon logging - FreeBSD


  1. #1

    Default ipmon logging

    According to every website I've read so far ipmon uses local0 as the facility name. However, on my FreeBSD 5.3-RELEASE-p5 box, it logs to the security facility. The man page (in both 5.2.1 and 5.3) for ipmon, with -s for logging to syslog says, "The default facility when compiled and installed is security". Can anyone explain this? I'd like ipmon to log to a separate file so it doesn't fill up the security log. I've tried having ipmon log directly to a file, and not using syslog, but it stops logging when newsyslog rotates the file. Does anyone have any suggestions on what I could or should do?

    Eric
    as2sb3100@comcast.net Guest

  2. #2

    Default RE: ipmon logging

    There is a new write up of IPF in the official manual that explains
    in detail how to get ipmon to log to separate file.

    You have to give more technical details about what you have done.

    -----Original Message-----
    From: org
    [mailto:org]On Behalf Of
    net
    Sent: Friday, April 01, 2005 1:50 PM
    To: org
    Subject: ipmon logging

    According to every website I've read so far ipmon uses local0 as the
    facility name. However, on my FreeBSD 5.3-RELEASE-p5 box, it logs
    to the security facility. The man page (in both 5.2.1 and 5.3) for
    ipmon, with -s for logging to syslog says, "The default facility
    when compiled and installed is security". Can anyone explain this?
    I'd like ipmon to log to a separate file so it doesn't fill up the
    security log. I've tried having ipmon log directly to a file, and
    not using syslog, but it stops logging when newsyslog rotates the
    file. Does anyone have any suggestions on what I could or should
    do?

    Eric

    Guest

  3. #3

    Default Re: ipmon logging

    On Friday 01 April 2005 20:50, net wrote: 

    From /etc/defaults/rc.conf:

    ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"

    So use ipmon_flags="-D /var/log/ipmon" or so in your /etc/rc.conf. It's
    sensible to have a separate ipf logfile.


    HTH,

    Dan
    Danny Guest

  4. #4

    Default RE: ipmon logging

    After testing with 5.3 on my workbench box it seems that ipfilter
    has changed between 4.11 and 5.3. The syslog.conf logging statement
    of local0.* /var/log/security is only valid for the
    ipfilter in the 4.x versions of FreeBSD.
    security.* /var/log/security is only valid for the
    ipfilter in the 5.3 version and greater of FreeBSD.


    The official handbook is written for the 4.11 release. It needs to be
    updated for the 5.3 and 5.4 releases.



    -----Original Message-----
    From: net [mailto:net]
    Sent: Friday, April 01, 2005 3:12 PM
    To: com
    Subject: RE: ipmon logging

    from the FAQ:
    1. # I have IPMon logging to syslog, but syslog doesn't log
    anything, why not?

    IPF logs as local0 so you'll want something to the effect of:
    local0.debug /var/log/ipf.log
    in your syslog.conf. NOTE: There has to be at least one TAB in
    that line, not just spaces.

    It doesn't do this though, I think, I could be mistaken. In my rc.conf
    file I have ipmon_flags="Ds" and the line in syslog.conf from above
    (I've also tried local0.* /var/log/ipf.log in syslog.conf) which
    should do what it says above. All this is documented in the
    Handbook. However, ipmon uses the security facility instead of
    local0. This means that whenever something is logged by ipmon, it
    gets logged to /var/log/security. If I change ipmon_flags="Ds" to
    ipmon_flags="D /var/log/ipf.log" it works perfectly. However, when
    newsyslog rotates the file when it gets to 100k, ipmon stops
    logging. When I run nmap I normally get a bunch of stuff logged.
    When newsyslog rotates the file it adds logfile turned over due
    to..., and then nothing gets logged after that. So I know that it
    stops logging after newsyslog rotates the log. I've been reading
    through the newsyslog.conf man page, but I'm not sure what I'm
    looking for.

     

    Guest

  5. #5

    Default RE: ipmon logging

    I figured it was something like that. I read the man page for newsyslog and
    well not knowing very much about processes and stuff, I just skipped over the
    pid part. After doing some reading I figured out I had to put in the path to
    the pid. Now when newsyslog rotates the log file it restarts (or reloads or something) ipmon. RTFM really helps.

     
    as2sb3100@comcast.net Guest
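
The fix described in post #5, written out as an added example that is not part of the original thread. The log path and the 100 KB size come from the posts; the mode, the count, the Z flag and the pid file path /var/run/ipmon.pid (ipmon's documented default on BSD, changeable with -P) are assumptions to check against your own system.

```conf
# /etc/rc.conf
# ipmon writes straight to its own file instead of going through syslog.
ipmon_enable="YES"
ipmon_flags="-D /var/log/ipf.log"

# /etc/newsyslog.conf
# fields: logfile  [owner:group]  mode  count  size(KB)  when  flags  [pid_file]  [sig_num]
#
# Before (the entry that silently stops the firewall log):
# no pid_file, so newsyslog renames ipf.log and creates a fresh one, but
# ipmon keeps writing to the file descriptor it already had open. The new
# ipf.log stays empty apart from the "logfile turned over" line.
#
#/var/log/ipf.log	600	5	100	*	Z
#
# After: pid_file added as the last field. Once the file has been rotated,
# newsyslog reads the PID from that file and sends the process a signal
# (SIGHUP unless sig_num is given); ipmon reopens its log file on SIGHUP
# and logging continues in the new ipf.log.
/var/log/ipf.log	600	5	100	*	Z	/var/run/ipmon.pid
```

After the next rotation, confirm that new packets are landing in /var/log/ipf.log and that the file's modification time keeps advancing; a firewall log that has gone quiet is otherwise easy to mistake for a quiet network.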
