From nobody@FreeBSD.org Mon Apr 4 21:02:00 2005
Message-Id: <200504042101.j34L1xO9051012@www.freebsd.org>
Date: Mon, 4 Apr 2005 21:01:59 GMT
From: Joe
To: freebsd-gnats-submit@FreeBSD.org
Subject: doc change to firewall section of handbook - 24.5.7 IPMON Logging
X-Send-Pr-Version: www-2.3

>Number:         79543
>Category:       docs
>Synopsis:       doc change to firewall section of handbook - 24.5.7 IPMON Logging
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    remko
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 04 21:10:04 GMT 2005
>Closed-Date:    Sun May 08 12:46:01 GMT 2005
>Last-Modified:  Sun May 08 12:46:01 GMT 2005
>Originator:     Joe
>Release:        5.3 release
>Organization:
>Environment:
>Description:
***Change the following section ****

24.5.7 IPMON Logging

Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 as the ``facility'' name. All IPMON logged data goes to local0. The following levels can be used to further segregate the logged data if desired:

LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be considered short

To set up IPFILTER to log all data to /var/log/ipfilter.log, you will need to create the file. The following command will do that:

    # touch /var/log/ipfilter.log

The syslog function is controlled by definition statements in the /etc/syslog.conf file. The syslog.conf file offers considerable flexibility in how syslog will deal with system messages issued by software applications like IPF. Add the following statement to /etc/syslog.conf:

    local0.*    /var/log/ipfilter.log

The local0.* means to write all the logged messages to the coded file location.

To activate the changes to /etc/syslog.conf you can reboot or bump the syslog task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload (killall -HUP syslogd in FreeBSD 4.X). Do not forget to change /etc/newsyslog.conf to rotate the new log you just created above.

**** To read as this *****

24.5.7 IPMON Logging

Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 or security as the ``facility'' name. All IPMON logged data goes to the ``facility'' name of local0 for 4.10 & 4.11 releases and security for 5.3 and newer releases. The following levels can be used to further segregate the logged data if desired:

LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be considered short

To set up IPFILTER to log all data to /var/log/ipfilter.log, you will need to create the file. The following command will do that:

    # touch /var/log/ipfilter.log

The syslog function is controlled by definition statements in the /etc/syslog.conf file. The syslog.conf file offers considerable flexibility in how syslog will deal with system messages issued by software applications like IPF. Add the following statement to /etc/syslog.conf:

For 4.10 & 4.11:

    local0.*    /var/log/ipfilter.log

For 5.3 and newer:

    security.*  /var/log/ipfilter.log

The local0.* and security.* means to write all the logged messages to the coded file location.

To activate the changes to /etc/syslog.conf you can reboot or bump the syslog task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload (killall -HUP syslogd in FreeBSD 4.X). Do not forget to change /etc/newsyslog.conf to rotate the new log you just created above.

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: remko
State-Changed-When: Mon May 2 15:38:42 GMT 2005
State-Changed-Why:
Apart from the addition of the "security" facility, what else did you change (except for the change of the layout)? Since this is not actually easy to read out. If there are no other changes I am sure we can add the security facility :-)

http://www.freebsd.org/cgi/query-pr.cgi?pr=79543

Responsible-Changed-From-To: freebsd-doc->remko
Responsible-Changed-By: remko
Responsible-Changed-When: Mon May 2 16:33:47 GMT 2005
Responsible-Changed-Why:
Now that we know that the security facility was added in 5.X and the local0 facility only exists in 4.X I will work on this PR to get it fixed.

http://www.freebsd.org/cgi/query-pr.cgi?pr=79543

State-Changed-From-To: feedback->closed
State-Changed-By: remko
State-Changed-When: Sun May 8 12:45:40 GMT 2005
State-Changed-Why:
I updated the firewalls chapter. It should appear within 24 hours. Thanks for the submission.

http://www.freebsd.org/cgi/query-pr.cgi?pr=79543

>Unformatted:
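The PR's point is that the facility ipmon -Ds logs to differs between 4.X (local0) and 5.3+ (security), so a syslog.conf copied from an older host silently drops the firewall log. The following script is an added example, not part of PR 79543 or the Handbook: it maps a release to the facility the PR names and checks a syslog.conf and newsyslog.conf (read on stdin; the sample configs are constructed) for the two lines the procedure requires. The function names and the newsyslog.conf entry are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from PR 79543): verify that syslog.conf routes the facility
# used by "ipmon -Ds" to /var/log/ipfilter.log and that newsyslog.conf rotates it.

# Facility per the PR: local0 on 4.10/4.11, security on 5.3 and newer.
ipmon_facility() {
    case "$1" in
        4.*) echo local0 ;;
        *)   echo security ;;
    esac
}

# syslog.conf on stdin. Succeed iff a non-comment line whose action is LOGFILE ($2)
# has a selector naming FACILITY ($1) or "*" at level "*" (what "local0.*" and
# "security.*" in the PR mean). Handles "a,b.level" lists and ";"-joined selectors.
syslog_routes_to() {
    awk -v fac="$1" -v file="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $NF == file {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                if (split(sel[i], p, "[.]") != 2) continue
                m = split(p[1], facs, ",")
                for (j = 1; j <= m; j++)
                    if ((facs[j] == fac || facs[j] == "*") && p[2] == "*") hit = 1
            }
        }
        END { exit (hit ? 0 : 1) }'
}

# newsyslog.conf on stdin. Succeed iff LOGFILE ($1) has a rotation entry.
newsyslog_rotates() {
    awk -v file="$1" '!/^[ \t]*#/ && $1 == file { hit = 1 } END { exit (hit ? 0 : 1) }'
}

# Constructed sample configs (not real host files): a 5.3 host whose syslog.conf
# still carries the 4.X local0 line, so the routing check reports a problem.
demo() {
    fac=$(ipmon_facility 5.3)
    if printf 'security.*\t/var/log/security\nlocal0.*\t/var/log/ipfilter.log\n' |
        syslog_routes_to "$fac" /var/log/ipfilter.log
    then echo "syslog.conf routes $fac to /var/log/ipfilter.log"
    else echo "syslog.conf does NOT route $fac to /var/log/ipfilter.log"
    fi
    if printf '/var/log/ipfilter.log\t600\t7\t100\t*\tJC\n' |
        newsyslog_rotates /var/log/ipfilter.log
    then echo "newsyslog.conf rotates /var/log/ipfilter.log"
    else echo "newsyslog.conf has no rotation entry for /var/log/ipfilter.log"
    fi
}
demo
```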