Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that adding a line:
didn't work, Google searches and documentation that keeps refering to syslog.conf even though it isn't used, man pages for asl.conf that don't help, man pages for ipfw that say logs are sent to facility LOG_SECURITY but asl.conf doesn't seem to recognize that...
Besides just "How do I do this?", is there a resource that clearly explains how logs are handled in 10.8?
Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that adding a line:
didn't work, Google searches and documentation that keeps refering to syslog.conf even though it isn't used, man pages for asl.conf that don't help, man pages for ipfw that say logs are sent to facility LOG_SECURITY but asl.conf doesn't seem to recognize that...
Besides just "How do I do this?", is there a resource that clearly explains how logs are handled in 10.8?
DESCRIPTION
Note that use of this utility is DEPRECATED. Please use pfctl(8) instead.
Typically when apple does this, it means that the DEPRECATED program still lives in osx(darwin) but is not plugged into the os, in any functional way. So it would be better to see if pfctl(8) will suit your needs.
Another approach would be let everyone know the problem, task your attempting to solve, and chances are there is a way to do it, maybe just not how your expecting it to be done?
Last edited by briandanielz; 09-01-2013 at 03:18 AM..
Reason: added contex, attempting to not sound mean.
Typically when apple does this, it means that the DEPRECATED program still lives in osx(darwin) but is not plugged into the os, in any functional way.
All due respect, but no... you don't know what the term "deprecated" means. Please look it up. ipfw is there, it works, and having its' logs sent to a different destination than where they're currently going has NOTHING to do with ipfw, and everything to do with the logging subsystem.
Quote:
Another approach would be let everyone know the problem, task your attempting to solve, and chances are there is a way to do it, maybe just not how your expecting it to be done?
I stated my problem quite clearly... I want ipfw logs sent to /var/log/ipfw.log instead of /var/log/system.log I'm not sure why you're replying to a post you either didn't read or didn't understand.
---------- Post updated at 11:37 AM ---------- Previous update was at 07:49 AM ----------
It's always fun to answer my own questions :-)
In /etc/asl.conf, there's a line:
It looks like ipfw logs are all level 7, so:
I'm not certain that level 7 will only include ipfw... it's possible other stuff might crop up. But for now, I'm getting the result I expect.
Hello,
This is an SSH Block hammer script using ipfw, that I have modified for my own use. It is for a freenas 7.2 box which is FreeBSD based.
The script works, but if there is more then one hammer attack per day, my issue is the script reads the first five instances of refused or invalid... (2 Replies)
Hello, excuse my English. Please could tell me how I can pass this syntax for iptables to ipfw.
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -m recent
--set --name thor --rdest -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flag RST RST -m state --state
ESTABLISHED -m recent... (0 Replies)
Hello,
I have a little problem with my server configuration.
So: I have two PC's with DHCP enable and both of them have two NIC's.
PC1 - le0 ADSL
PC1 - le1 192.168.10.1
PC2 - le0 192.168.10.10
PC2 - le1 192.168.20.1
One NIC on PC1 is connected to ADSL, another one have IP address... (3 Replies)
Hi!
I've already posted this on the freebsd-questions mailing list, but I thought I could try it here too.
I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled.
I've got a problem with creating a ruleset, which allows me to limit the overall bandwidth of a link and afterwards pass the packets... (0 Replies)
Hello.
I hope you can help me please.
We are about to bring a few servers online which will be hosting different things...
For one server, it will be hosting a HTTPd, and just wanted to know whether these rules are correct that I have?
To ensure the right interfaces etc, here's a copy of... (1 Reply)
Hi folks,
I am a Mac User, and have little knowledge on IPFW.
I have a set up at home where my computer (with 2 ethernet cards and static IP adresses) serves Internet to my family's computers.
I have already a script that will run automatically at login and called from Cron at certain... (2 Replies)
just as the title says.
thanks.
#General Rule Sets
/sbin/ipfw add 0300 check-state
/sbin/ipfw add 0301 deny tcp from any to any in established
/sbin/ipfw add 0302 pass tcp from any to any out setup keep-state
/sbin/ipfw add 0303 pass udp from any to any out
#SSH FTP
/sbin/ipfw add 0400... (11 Replies)
Is there a general rule I can apply when examining/editing ipfw entries?
Also, does each new entry have to have a unique rule number?
And, I think I can write a script to block code red infected machines (though I'm not sure it would do more than slim down my web server error message log),... (0 Replies)
i am running nat on my freeBSD and web/ftp server.
The rule allow ip from any to any must always be? or how? if i accept all packets to go on my ep0 which diverts all to my intranet it doesnt help, must the rule allow ip from any to any always be ?
even if many rules are between divert rule and... (3 Replies)