IPMON Logging

Hello all!

Tell me please if there's a way to control the ammount of NAT information IMON writes to the log (for example, /var/log/ipfilter.log)?

I mean that to make ipf write to the log I should use the word "log" in the /etc/ipf.rules, but although there's no 'log' word in the /etc/ipnat.rules IPMON writes all nat transactions to the same log (/var/log/ipfilter.log). Can I stop IPMON writing NAT-relating info to the /var/log/ipfilter.log?

My IPMON starts as a daemon and sends its information to syslog, here are the configs:

rc.conf
Code:
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
...


syslog.conf
Code:
local0.* /var/log/ipfilter.log

ipnat.rules
Code:
map re1 local->public proxy port 21 ftp/tcp
map re1 local->public portmap tcp/udp auto
map re1 local->public

And the second question:
Yesterday I changed a bit my named.conf (added forwarders) and restarted: IMON has stopped writing ANY NAT-related info to my /var/log/ipfilter.log (ipf-related info keeps logging)! That's exactly what I need but...I think 'named' should have no influence on the way IPMON is working. Am I wrong?

Thank you in advance,
Michael
 
The solution is
First: syslogd use syslog.conf to make rules
and ipmon use facility local0.

So you must edit syslog.conf to make it
similar to this

With this line tell to syslog to NOT log local0 on /var/log/messages
Code:
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.none       /var/log/messages

With this one tell to syslog to log local0 on your logfile

Code:
local0.debug     /var/log/ipfilter.log

Reload ipmon and syslog after edit the file
 
Back
Top