ipmon log rotation

[Paul Armstrong]

On Wed, Dec 03, 2003 at 03:03:03PM -0500, Damian Gerow wrote:
> > in rc.conf:
> >
> > ipmon_flags=-sD
> >
> > in syslog.conf:
> > local0.* /var/log/ipfilter
>
> In 5.x, ipmon sends to security, not local0. Last I checked (5.1-R), there
> was no way to change this. I submitted a post to -current, but nobody ever
> responded.
>
> I *really* like having my ipf logfiles filtered off into their own logfile.
> I don't like being forced to send everything of the same facility.severity
> to the same logfile.

Actually, you can setup something similar in 5.X. I do the following in 5.1
(and have used this method in 4.X as well):

IPF rules:
block in log level local3.info quick from any to any head 01
block out log level local4.info quick from any to any head 02

syslog:
# This takes only syslog messages that come from the ipmon program. The '='
# ensures that only the specified level is sent to each log file.
!ipmon
local3.=info /var/log/ipf/in.log
local4.=info /var/log/ipf/out.log

newsyslog:
/var/log/ipf/in.log 0640 20 100 * Z
/var/log/ipf/out.log 0640 20 100 * Z

Paul

[Damian Gerow]

Thus spake Paul Armstrong (ar...@cyber.com.au) [07/12/03 14:22]:

> Actually, you can setup something similar in 5.X. I do the following in 5.1
> (and have used this method in 4.X as well):

Well. You learn something new every day.

Thanks!