How to enable ipfw.log?

 
Thread Tools Search this Thread
Operating Systems OS X (Apple) How to enable ipfw.log?
# 1  
Old 08-29-2013
Question How to enable ipfw.log?

Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that adding a line:
Code:
? [= Facility LOG_SECURITY] file /var/log/ipfw.log

didn't work, Google searches and documentation that keeps refering to syslog.conf even though it isn't used, man pages for asl.conf that don't help, man pages for ipfw that say logs are sent to facility LOG_SECURITY but asl.conf doesn't seem to recognize that...

Besides just "How do I do this?", is there a resource that clearly explains how logs are handled in 10.8?

Last edited by jnojr; 08-29-2013 at 05:02 PM..
# 2  
Old 09-01-2013
Quote:
Originally Posted by jnojr
Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that adding a line:
Code:
? [= Facility LOG_SECURITY] file /var/log/ipfw.log

didn't work, Google searches and documentation that keeps refering to syslog.conf even though it isn't used, man pages for asl.conf that don't help, man pages for ipfw that say logs are sent to facility LOG_SECURITY but asl.conf doesn't seem to recognize that...

Besides just "How do I do this?", is there a resource that clearly explains how logs are handled in 10.8?
It looks like the apples man page for ifpw answers your question.

Quote:
DESCRIPTION
Note that use of this utility is DEPRECATED. Please use pfctl(8) instead.
Typically when apple does this, it means that the DEPRECATED program still lives in osx(darwin) but is not plugged into the os, in any functional way. So it would be better to see if pfctl(8) will suit your needs.

Another approach would be let everyone know the problem, task your attempting to solve, and chances are there is a way to do it, maybe just not how your expecting it to be done?

Last edited by briandanielz; 09-01-2013 at 03:18 AM.. Reason: added contex, attempting to not sound mean.
# 3  
Old 09-03-2013
Quote:
Originally Posted by briandanielz
It looks like the apples man page for ifpw answers your question.
No, it doesn't.

Quote:
Typically when apple does this, it means that the DEPRECATED program still lives in osx(darwin) but is not plugged into the os, in any functional way.
All due respect, but no... you don't know what the term "deprecated" means. Please look it up. ipfw is there, it works, and having its' logs sent to a different destination than where they're currently going has NOTHING to do with ipfw, and everything to do with the logging subsystem.

Quote:
Another approach would be let everyone know the problem, task your attempting to solve, and chances are there is a way to do it, maybe just not how your expecting it to be done?
I stated my problem quite clearly... I want ipfw logs sent to /var/log/ipfw.log instead of /var/log/system.log I'm not sure why you're replying to a post you either didn't read or didn't understand.

---------- Post updated at 11:37 AM ---------- Previous update was at 07:49 AM ----------

It's always fun to answer my own questions :-)

In /etc/asl.conf, there's a line:

Code:
# kernel messages get saved in system.log
? [= Sender kernel] file /var/log/system.log mode=0600 gid=80 format=bsd

It looks like ipfw logs are all level 7, so:

Code:
? [= Sender kernel] [< Level 7] file /var/log/system.log mode=0600 gid=80 format=bsd
? [= Sender kernel] [= Level 7] file /var/log/ipfw.log mode=0600 gid=80 format=bsd

I'm not certain that level 7 will only include ipfw... it's possible other stuff might crop up. But for now, I'm getting the result I expect.
This User Gave Thanks to jnojr For This Post:
# 4  
Old 09-13-2013
Actually, a better recipe:

Code:
# IPFW logs
? [= Sender kernel] [A= Message ip] file /var/log/ipfw.log
? [= Sender kernel] [A= Message ip] ignore

# kernel messages get saved in system.log
? [= Sender kernel] file /var/log/system.log mode=0600 gid=80 format=bsd

So far, this seems to be doing just what I want... sending all ipfw/ip6fw logs to ipfw.log and leaving everything else in system.log
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Help, SSH /ipfw block script

Hello, This is an SSH Block hammer script using ipfw, that I have modified for my own use. It is for a freenas 7.2 box which is FreeBSD based. The script works, but if there is more then one hammer attack per day, my issue is the script reads the first five instances of refused or invalid... (2 Replies)
Discussion started by: dpreviti
2 Replies

2. Cybersecurity

pass syntax iptables to ipfw

Hello, excuse my English. Please could tell me how I can pass this syntax for iptables to ipfw. iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -m recent --set --name thor --rdest -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flag RST RST -m state --state ESTABLISHED -m recent... (0 Replies)
Discussion started by: dot357
0 Replies

3. UNIX for Advanced & Expert Users

ipfw and dhcp

Hello, I have a little problem with my server configuration. So: I have two PC's with DHCP enable and both of them have two NIC's. PC1 - le0 ADSL PC1 - le1 192.168.10.1 PC2 - le0 192.168.10.10 PC2 - le1 192.168.20.1 One NIC on PC1 is connected to ADSL, another one have IP address... (3 Replies)
Discussion started by: mrowcp
3 Replies

4. BSD

Using several pipes in ipfw (dummynet)

Hi! I've already posted this on the freebsd-questions mailing list, but I thought I could try it here too. I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled. I've got a problem with creating a ruleset, which allows me to limit the overall bandwidth of a link and afterwards pass the packets... (0 Replies)
Discussion started by: xenator
0 Replies

5. Cybersecurity

FreeBSD IPFW Rules clarification please...

Hello. I hope you can help me please. We are about to bring a few servers online which will be hosting different things... For one server, it will be hosting a HTTPd, and just wanted to know whether these rules are correct that I have? To ensure the right interfaces etc, here's a copy of... (1 Reply)
Discussion started by: DanUK
1 Replies

6. Solaris

enable log

dear all i want to enable the below logs can you help me /var/adm/xferlog /var/spool/uucp/.Admin thanx you (0 Replies)
Discussion started by: murad.jaber
0 Replies

7. UNIX for Dummies Questions & Answers

Need help with IPFW.. Please...

Hi folks, I am a Mac User, and have little knowledge on IPFW. I have a set up at home where my computer (with 2 ethernet cards and static IP adresses) serves Internet to my family's computers. I have already a script that will run automatically at login and called from Cron at certain... (2 Replies)
Discussion started by: fundidor
2 Replies

8. BSD

ipfw slow ssh and ftp connections

just as the title says. thanks. #General Rule Sets /sbin/ipfw add 0300 check-state /sbin/ipfw add 0301 deny tcp from any to any in established /sbin/ipfw add 0302 pass tcp from any to any out setup keep-state /sbin/ipfw add 0303 pass udp from any to any out #SSH FTP /sbin/ipfw add 0400... (11 Replies)
Discussion started by: dwildgoose
11 Replies

9. Cybersecurity

ipfw directives and order of precidence...

Is there a general rule I can apply when examining/editing ipfw entries? Also, does each new entry have to have a unique rule number? And, I think I can write a script to block code red infected machines (though I'm not sure it would do more than slim down my web server error message log),... (0 Replies)
Discussion started by: [MA]Flying_Meat
0 Replies

10. UNIX for Dummies Questions & Answers

fBSD nat ipfw

i am running nat on my freeBSD and web/ftp server. The rule allow ip from any to any must always be? or how? if i accept all packets to go on my ep0 which diverts all to my intranet it doesnt help, must the rule allow ip from any to any always be ? even if many rules are between divert rule and... (3 Replies)
Discussion started by: hachik
3 Replies
Login or Register to Ask a Question