HPE Community
Operating System - HP-UX
1823921 Members
3136 Online
109667 Solutions
New Discussion юеВ

ipfilter logging

 
SOLVED
Go to solution
Peter Gillis
Super Advisor

тАО09-16-2004 10:53 AM

тАО09-16-2004 10:53 AM

ipfilter logging

Hi,
hpux11.11v1. ipfilter A.03.05.08.
I want to get the messages from ipmon utility to go to its own logfile rather than the syslog. Can anyone offer how I might achieve this? syslog is definitely picking up ipmon mesgs; have tried adding line in /etc/syslog.conf: log.info (tab space)/var/adm/syslog/ipf.log . Have inetd -c to reread. Does not appear to have meade any difference.
Thanks
Maria
0 Kudos
8 REPLIES 8
Sundar_7
Honored Contributor

тАО09-16-2004 10:58 AM

тАО09-16-2004 10:58 AM

Solution

Re: ipfilter logging

After modifying /etc/syslog.conf, you need to send HUP signal to syslogd and not to inetd.

# vi /etc/syslog.conf


# kill -1 `cat /var/run/syslogd.pid`
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Peter Gillis
Super Advisor

тАО09-16-2004 11:35 AM

тАО09-16-2004 11:35 AM

Re: ipfilter logging

Thanks Sundar, I ddi the reread of syslogd. I am still not capturing the info in the /var/adm/syslog/ipf.log file. Can anyone offer anything here?
Thanks
Maria
0 Kudos
Sundar_7
Honored Contributor

тАО09-16-2004 11:41 AM

тАО09-16-2004 11:41 AM

Re: ipfilter logging

I dont know which facility IPFILTER uses to log the messages.

How did you figure out IPFILTER uses log.info to log the messges ?

I can only take a wild guess here :-)

# vi /etc/syslog.conf
log.*/var/adm/syslog/ipf.log
#

# kill -1 `cat /var/run/syslog.pid`

After the above kill command, check the /var/adm/syslog directory. You should atleast have an empty ipf.log file.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Sundar_7
Honored Contributor

тАО09-16-2004 11:52 AM

тАО09-16-2004 11:52 AM

Re: ipfilter logging

Maria,

What options are you using with ipmon ? I understand from ipmon(8), if you use -s option with ipmon, it will send the log to /var/adm/syslog/syslog.log file.

ipmon -D

This will start ipmon as a daemon and log the messages to , not to syslog.log

-- Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Peter Gillis
Super Advisor

тАО09-19-2004 04:40 PM

тАО09-19-2004 04:40 PM

Re: ipfilter logging

Sundar, I read man ipmon(8) - in the section under the -s part, there is some info about the LOG_INFO LOG_ERR..... that is why I tried. I've propbably misunderstood something in reading it. I got to the ipf.log by restarting ipmon with -D & filenanme ipf.log but no -s option. Seems to have worked the trick.
Do you agree the log.info etc files could be used as have tried.
0 Kudos
Robert Fritz
Regular Advisor

тАО09-20-2004 05:18 AM

тАО09-20-2004 05:18 AM

Re: ipfilter logging

Also, don't forget to change IPMON_FLAGS in /etc/rc.config.d/ipfconf to reflect the flag changes, otherwise, you'll get the same old behavior on reboot.
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
0 Kudos
Sundar_7
Honored Contributor

тАО09-20-2004 05:27 AM

тАО09-20-2004 05:27 AM

Re: ipfilter logging

Hi Maria,

I read the man page again for you :-). Yes I believe you have misunderstood the man page.

It is not log.info but rather local0.info

Try this

# vi /etc/syslog.conf
local0.* /var/adm/syslog/ipf.log
#

# kill -1 `cat /var/run/syslog.pid`

Now even if you use the -s option with ipmon, the messages from ipmon will be logged to /var/adm/syslog/ipf.log file.

- Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Peter Gillis
Super Advisor

тАО09-26-2004 02:15 PM

тАО09-26-2004 02:15 PM

Re: ipfilter logging

Thanks heaps Sundar, you have been extremely helpful. I have used the edit on /etc/syslog.conf file - local0.* .... option, and restarted syslogd. thanks too, to Robert as your info haelped to get the whole picture.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.