Limit ipmon logging

I use ipf + ipnat to route my LAN onto the network through a FreeBSD gateway. The gateway is running ipmon and it's dumping every single packet to /var/log/messages, making the logfile essentially useless to me.

How can I limit the amount of logging that ipmon does? (I start it with ipmon -Ds in rc.conf)
 
Well, I'm okay with "important" messages from ipmon landing in /var/log/messages. The problem is that it's writing "passed" packets there too, which are uninteresting to me right now.

Maybe I could just disable ipmon logging entirely when ipf seems to be doing what it is supposed to be doing. But that's kind of a drastic solution, and anyway the logs might be useful for troubleshooting a later firewall issue. I'd rather have it log only when it runs into a specific "log" rule in the ipf.rules set.
 