Re: What's wrong with ipmon?

[herbert langhans <herbert.raimund%langhans.com.pl@localhost>]

On Mon, May 14, 2012 at 01:20:52PM +0200, Manuel Bouyer wrote:
> On Mon, May 14, 2012 at 01:13:01PM +0200, herbert langhans wrote:
> > > I guess you properly used 'log' in your ipf rules ?
> > > I've been using ipf on 5.1-ish systems, and logging is working ...
> > 
> > You guessed wrong. I thought it says at least anything by default!
> 
> No, without the log keyword nothing will be logged.
> 
> > 
> > Now I assigned (in ipf.conf) some lines like this:
> > block out log on nfe0 from manul to 62.213.199.236
> > There is 'log' now in the line what hasn't been there before.
> > 
> > But do I have to modify syslog.conf as well? I googled that there has to be
> > something like:
> > local0.*    /var/log/ipflog.log
> 
> Yes, ipmon logs to local0. With the default syslog.conf some ipf logs may
> end up in /var/log/messages but not all of them (only those with severity
> at or highter than info)
> 
> > 
> > Or is is enough to have in /etc/rc.d:
> > ipfilter=YES
> > ipmon=YES
> 
> ipmon_flags is -Dns by default, so logs are sent to syslog.
> 
> -- 
> Manuel Bouyer <bouyer%antioche.eu.org@localhost>
>      NetBSD: 26 ans d'experience feront toujours la difference
> --

Yep - got it working! As you say it left already some lines in messages.
I will read through the syslog.conf page and I am sure I get along now.
Is some kind of rocket science, the ipf-logging ...

Thanks a lot, had never got it working without your help!
herb langhans

-- 
sprachtraining langhans
herbert langhans, warschau
herbert.raimund[at]gmx.net
herbert[at]langhans.com.pl
http://www.langhans.com.pl
+0048 603 341 441

| jabber:herbs
| icq:414500866
| yahoo_im:herbert.raimund