[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Log file getting enormous, why?
From:       Dmitriy Bokiy <ratebor () pro ! icp ! ac ! ru>
Date:       2000-08-27 15:16:46
[Download RAW message or body]

On Sat, Aug 26, 2000 at 11:16:00AM -0500, David J. Kanter wrote:
> I am new to IP Filter and everything seems OK, except my log file (using
> ipmon) is getting tremendous; on the order of 200Mb from one evening's use.
> It seems the culprit is FTPing, but I don't know how to fix it.
> 
> I use FreeBSD with a dial-up connection (tun0) but will soon use DSL with
> PPPoE. My log file stays at 0 bytes while surfing the Internet or getting my
> POP3 mail or retreiving USENET news. But when I try to install a port via
> FTP, that's when all heck breaks loose.
> 
> I will attach my firewall rules.
> 
> Does anyone know how to fix this? I don't quite understand how I could
> analyze these results to find the culprit. How would I use ipfstat to see
> why the log file is blowing up?

man ipfstat ( -h option)
ipfstat -hion| grep log

> 
> And what's the best way of getting the log to log to the /var/log/messages
> rather than a file? I tried ipmon -s ... and changed syslog.conf, but that
> didn't seem to work.

IIRC, IP Filter uses local0 facility by default. You need

local0.*             /your/log/file

entry in syslog.conf then. And a restart of syslog of course.

-Dmitriy

[prev in list] [next in list] [prev in thread] [next in thread]