I have a 5.3-STABLE machine with ipfilter built into the kernel. When running ipmon logging to syslog, the information is being dumped to the security.* service instead of the local0.* service like the handbook says it should.
OK I'm feeling a stupid, only a little though...because the info in the handbook doesn't match the reality (given in the manpage) WRT the "facility" name used by ipmon.
The handbook (http://www4.pt.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html) says:
24.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 as the ``facility'' name. All IPMON logged data goes to local0. The following levels can be used to further segregate the logged data if desired:
The ipmon(8) manpage says:
-s Packet information read in will be sent through syslogd rather than saved to a file. The default facility when compiled and installed is security. The following levels are used:
------------------------- So now I have two more questions.
First, what is the best way to go about getting this fixed so noone else makes the same mistake I did? A simple post somewhere explaining what's incorrect, or do I need to create a diff and upload it somewhere?
Second, what else uses the security syslog facility? Is my security log going to have other things than just my firewall logs that I will now have to go digging for?
Thanks, Joe.
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
