
syslog / ipmon chaos



Something in syslogd and/or ipmon is out of whack, but I don't see it. 
Any "log" action in my ipfilter ruleset results in a message both to 
/var/log/ipflog, and to all terminals. This sucks... I don't want this 
stuff trashing up my terminal windows. I think I've read the applicable 
man pgs, but am still clueless. I'd appreciate any pointers on where 
I've gone astray.

This box was recently upgraded from 2.6 to 2.8 stable. ipf -V says I'm 
running 3.3.18.

I've tried using 'logger' to help me figure out what's going on. It 
didn't help much, as it doesn't appear to do anything:

#logger -p local0.info "test 1" 
result: no terminal output, no entry in /var/log/ipflog

#logger -p local0.warning "test 2" 
result: no terminal output, no entry in /var/log/ipflog

Here's my setup ---

-->sample entry fm ipf.rules:
block in log quick on xl1 from any to 255.255.255.255/32

NOTE: I have read that more specific log entries (i.e. log level 
local0.info quick ...) will resolve the problem I have, but the fact 
that 'logger' doesn't yield the expected results makes me suspicious 
that something else is whacked. 


-->in rc.conf: 
ipmon_flags=-Ds

-->in syslog.conf:
#	$OpenBSD: syslog.conf,v 1.7 2000/06/20 03:37:49 kjell Exp $
#

*.err;kern.debug;auth.notice;authpriv.none;mail.crit	/dev/console
*.notice;auth,authpriv,cron,local0,ftp,kern,lpr,mail,user.none	/var/log/messages
kern.debug,user.info,syslog.info			/var/log/messages
auth.info						/var/log/authlog
authpriv.debug					/var/log/secure
cron.info						/var/cron/log
daemon.info						/var/log/daemon
ftp.info						/var/log/xferlog
lpr.debug						/var/log/lpd-errs
mail.info						/var/log/maillog
local0.info						/var/log/ipflog
#uucp.info						/var/log/uucp

*.err							root
*.notice;auth.debug					root
*.alert						root
*.emerg						*
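
Added example (not part of the original post, and not syslogd's own code): a small evaluator for the classic BSD syslog.conf selector rules, run over a copy of the configuration posted above to show where a local0 message of each priority is delivered. Several priorities are checked because ipmon(8) documents that with -s it chooses the priority per packet (info for log-only, notice for passed, warning for blocked, err for short packets). Assumptions: the names POSTED_CONF, selector_matches and destinations are made up for this example, level aliases are not handled, and the mail-wrapped line is joined with tabs shown as spaces.

```python
import re

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]  # most severe first
# Copy of the syslog.conf from the post (active lines only, whitespace simplified).
POSTED_CONF = """
*.err;kern.debug;auth.notice;authpriv.none;mail.crit  /dev/console
*.notice;auth,authpriv,cron,local0,ftp,kern,lpr,mail,user.none  /var/log/messages
kern.debug,user.info,syslog.info  /var/log/messages
auth.info  /var/log/authlog
authpriv.debug  /var/log/secure
cron.info  /var/cron/log
daemon.info  /var/log/daemon
ftp.info  /var/log/xferlog
lpr.debug  /var/log/lpd-errs
mail.info  /var/log/maillog
local0.info  /var/log/ipflog
*.err  root
*.notice;auth.debug  root
*.alert  root
*.emerg  *
"""
SELECTOR = re.compile(r"([\w*]+(?:,[\w*]+)*)\.([\w*]+)")  # facility[,facility...].level

def selector_matches(selector, facility, level):
    """Apply terms left to right; a later term overrides an earlier one, 'none' disables."""
    mask = None
    for facs, lvl in SELECTOR.findall(selector):
        if {"*", facility} & set(facs.split(",")):
            mask = None if lvl == "none" else LEVELS.index("debug" if lvl == "*" else lvl)
    return mask is not None and LEVELS.index(level) <= mask

def destinations(conf, facility, level):
    """Return the action field of every rule that a facility.level message triggers."""
    hits = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            if selector_matches(selector, facility, level):
                hits.append(action)
    return hits

if __name__ == "__main__":
    for lvl in ("info", "notice", "warning", "err"):
        print(f"local0.{lvl:<8} -> {destinations(POSTED_CONF, 'local0', lvl)}")
```

An action that is a user name, such as root, means syslogd writes the message to that user's logged-in terminals, so any local0 message at notice or above reaches root's terminals through the "*.notice;auth.debug root" rule in addition to /var/log/ipflog.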