Bug 79543

Summary: doc change to firewall section of handbook - 24.5.7 IPMON Logging
Product: Documentation
Reporter: FBSD mailing List <fbsd_user>
Component: Books & Articles
Assignee: Remko Lodder <remko>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description FBSD mailing List 2005-04-04 22:10:04 UTC
***Change the following section ****

24.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 as the ``facility'' name. All IPMON logged data goes to local0. The following levels can be used to further segregate the logged data if desired:

LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be considered short
To setup IPFILTER to log all data to /var/log/ipfilter.log, you will need to create the file. The following command will do that:

# touch /var/log/ipfilter.log
The syslog function is controlled by definition statements in the /etc/syslog.conf file. The syslog.conf file offers considerable flexibility in how syslog will deal with system messages issued by software applications like IPF.

Add the following statement to /etc/syslog.conf:

local0.* /var/log/ipfilter.log
The local0.* means to write all the logged messages to the coded file location.

To activate the changes to /etc/syslog.conf you can reboot or bump the syslog task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload (killall -HUP syslogd in FreeBSD 4.X).

Do not forget to change /etc/newsyslog.conf to rotate the new log you just created above.

**** To read as this *****

24.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses special groupings called ``facility'' and ``level''. IPMON in -Ds mode uses local0 or security as the ``facility'' name. All IPMON logged data goes to the ``facility'' name of local0 for 4.10 & 4.11 releases and security for 5.3 and newer releases. The following levels can be used to further segregate the logged data if desired:
LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block.
LOG_NOTICE - packets logged which are also passed
LOG_WARNING - packets logged which are also blocked
LOG_ERR - packets which have been logged and which can be considered short
To setup IPFILTER to log all data to /var/log/ipfilter.log, you will need to create the file. The following command will do that:
# touch /var/log/ipfilter.log
The syslog function is controlled by definition statements in the /etc/syslog.conf file. The syslog.conf file offers considerable flexibility in how syslog will deal with system messages issued by software applications like IPF.
Add the following statement to /etc/syslog.conf:
local0.*        /var/log/ipfilter.log      for 4.10 & 4.11
security.*      /var/log/ipfilter.log      for 5.3 and newer
The local0.* and security.* mean to write all the logged messages to the coded file location.
To activate the changes to /etc/syslog.conf you can reboot or bump the syslog task into re-reading /etc/syslog.conf by running /etc/rc.d/syslogd reload (killall -HUP syslogd in FreeBSD 4.X).
Do not forget to change /etc/newsyslog.conf to rotate the new log you just created above.
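
An added example, not part of the original report or the handbook: a shell check that a syslog.conf still routes IPMON's facility to a file, which catches a `local0.*` line carried over to a release that logs to `security`. The function names are hypothetical, and treating every 5.x release as using `security` follows Comment 2 below rather than the "5.3 and newer" wording of the description.

```sh
#!/bin/sh
# Map a release string (as printed by `uname -r`, e.g. "5.3-RELEASE") to the
# syslog facility the report gives for ipmon -Ds. Assumption: 4.x -> local0,
# 5.x and newer -> security; anything else is reported as unknown.
ipmon_facility() {
    major=${1%%.*}
    case "$major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    if [ "$major" -ge 5 ]; then echo security
    elif [ "$major" -eq 4 ]; then echo local0
    else return 2; fi
}

# Print the destination of the first active syslog.conf line that has
# "<facility>.*" among its selectors; exit non-zero if there is none.
facility_target() {   # $1 = facility, $2 = path to syslog.conf
    awk -v sel="$1.*" '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            n = split($1, s, ";")           # selectors are ";"-separated
            for (i = 1; i <= n; i++)
                if (s[i] == sel) { print $2; found = 1; exit }
        }
        END { exit !found }' "$2"
}

# Report whether IPMON output reaches a file for the given release.
check_ipmon_logging() {   # $1 = release string, $2 = path to syslog.conf
    fac=$(ipmon_facility "$1") || { echo "unknown release: $1"; return 2; }
    if target=$(facility_target "$fac" "$2"); then
        echo "ok: $fac.* -> $target"
    else
        echo "missing: add '$fac.* /var/log/ipfilter.log' to $2"
        return 1
    fi
}

# Constructed sample: a syslog.conf written for 4.x and never updated.
conf=$(mktemp)
printf 'local0.*\t/var/log/ipfilter.log\n' > "$conf"
check_ipmon_logging 4.11-RELEASE "$conf"
check_ipmon_logging 5.3-RELEASE "$conf" || true
rm -f "$conf"
```

On a live system the call would be `check_ipmon_logging "$(uname -r)" /etc/syslog.conf`.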
Comment 1 Remko Lodder freebsd_committer freebsd_triage 2005-05-02 16:38:42 UTC
State Changed
From-To: open->feedback

Apart from the addition of the "security" facility, what else did you change 
(except for the change of the layout)? This is not actually easy to read out. 

If there are no other changes I am sure we can add the security facility :-)
Comment 2 Remko Lodder freebsd_committer freebsd_triage 2005-05-02 17:33:47 UTC
Responsible Changed
From-To: freebsd-doc->remko

Now that we know that the security facility was added in 5.X and the local0 facility 
only exists in 4.X, I will work on this PR to get it fixed.
Comment 3 Remko Lodder freebsd_committer freebsd_triage 2005-05-08 13:45:40 UTC
State Changed
From-To: feedback->closed

I updated the firewalls chapter. It should appear within 24 hours. 
Thanks for the submission.