• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

IPMON Logging

MichaelF

New Member


Messages: 12

#1
Hello all!

Tell me please if there's a way to control the ammount of NAT information IMON writes to the log (for example, /var/log/ipfilter.log)?

I mean that to make ipf write to the log I should use the word "log" in the /etc/ipf.rules, but although there's no 'log' word in the /etc/ipnat.rules IPMON writes all nat transactions to the same log (/var/log/ipfilter.log). Can I stop IPMON writing NAT-relating info to the /var/log/ipfilter.log?

My IPMON starts as a daemon and sends its information to syslog, here are the configs:

rc.conf
Code:
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
...

syslog.conf
Code:
local0.* /var/log/ipfilter.log
ipnat.rules
Code:
map re1 local->public proxy port 21 ftp/tcp
map re1 local->public portmap tcp/udp auto
map re1 local->public
And the second question:
Yesterday I changed a bit my named.conf (added forwarders) and restarted: IMON has stopped writing ANY NAT-related info to my /var/log/ipfilter.log (ipf-related info keeps logging)! That's exactly what I need but...I think 'named' should have no influence on the way IPMON is working. Am I wrong?

Thank you in advance,
Michael
 

bsdfanunix2

New Member


Messages: 4

#2
The solution is
First: syslogd use syslog.conf to make rules
and ipmon use facility local0.

So you must edit syslog.conf to make it
similar to this

With this line tell to syslog to NOT log local0 on /var/log/messages
Code:
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.none       /var/log/messages
With this one tell to syslog to log local0 on your logfile

Code:
local0.debug     /var/log/ipfilter.log
Reload ipmon and syslog after edit the file