IP Filter FAQ

VI. IPMON

  1. I have IPMon logging to syslog, but syslog doesn't log anything, why not?
  2. I have IPMon logging to syslog, and I can't use ipmon -oI, why not?
  3. When I start ipmon, it fails to start with an error.
  4. I'm getting weird ipmon log entries, why?
  5. Can I make IPF log straight to a file instead of to syslog?

  1. I have IPMon logging to syslog, but syslog doesn't log anything, why not?
    IPF logs as local0 so you'll want something to the effect of:
    local0.debug /var/log/ipf.log
    in your syslog.conf. NOTE: There has to be at least one TAB in that line, not just spaces.
  2. I have IPMon logging to syslog, and I can't use ipmon -oI, why not?
    You can only use one of ipmon -oI and ipmon -s. Just do a tail -f filename, where filename is whatever file syslog logs IPF messages to.
  3. When I start ipmon, it fails to start with an error.
    Are you running *BSD or SunOS? Check your kernel configuration and make sure you have "options IPFILTER_LOG".
  4. I'm getting weird ipmon log entries, why?
    If you're seeing log entries like:
    Mar 22 13:45:45 gateway ipmon[94]: 13:45:44.302938 xl2 @0:1 S
    Feb 20 17:29:47 gateway ipmon[94]: 17:29:47.377435 xl2 @19:10241 L
    then you've recently upgraded IP Filter on your FreeBSD system. FreeBSD installs ipmon in /sbin while IP Filter installs ipmon in /usr/sbin. Thus you are still using the old version of ipmon with your new version of IP Filter. Delete /sbin/ipmon.
  5. Can I make IPF log straight to a file instead of to syslog?
    Sure! Instead of invoking ipmon with the -s option, just specify a filename:
    ipmon filename

    Plus any other options you want. Alternatively, if you want to use syslog, don't specify a filename, and use -s.
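
Firewall logs that silently go nowhere are easy to miss, so the TAB requirement from question 1 is worth checking mechanically. The following is an added example, not part of the original FAQ or of IP Filter: the function name check_ipf_syslog and its return codes are assumptions made for this sketch, and it only looks for rules that name local0 explicitly.

```shell
#!/bin/sh
# Added example (not from the FAQ): lint a syslog.conf for the local0
# rule that "ipmon -s" depends on.
# Return codes (chosen for this example):
#   0 = a local0 rule with at least one TAB was found
#   1 = a local0 rule exists, but selector and action are split by spaces only
#   2 = no rule naming local0 at all (wildcard selectors are not considered)
check_ipf_syslog() {
    conf=$1
    tab=$(printf '\t')
    result=2
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip comments and blank lines.
        case $line in
            '#'*|'') continue ;;
        esac
        # Keep only rules whose selector names local0, alone or in a
        # ';' or ',' separated selector list.
        case $line in
            local0.*|*";local0."*|*",local0."*) ;;
            *) continue ;;
        esac
        # The FAQ's requirement: at least one TAB somewhere in the line.
        case $line in
            *"$tab"*) return 0 ;;
            *) result=1 ;;
        esac
    done < "$conf"
    return "$result"
}

# Typical use: check_ipf_syslog /etc/syslog.conf; echo "exit code: $?"
```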