IP Filter FAQ

VI. IPMON

1. I have IPMon logging to syslog, but syslog doesn't log anything, why not?
2. I have IPMon logging to syslog, and I can't use ipmon -oI, why not?
3. When I start ipmon, it fails to start with an error.

1. I have IPMon logging to syslog, but syslog doesn't log anything, why not?

   IPF logs as local0 so you'll want something to the effect of:
   local0.debug /var/log/ipf.log
in your syslog.conf. NOTE: There has to be atleast one TAB in that line, not just spaces.

2. I have IPMon logging to syslog, and I can't use ipmon -oI, why not?

   You can only use one of ipmon -oI and ipmon -s. Just do a tail -f filename where filename is whatever syslog logs ipf stuff to.

3. When I start ipmon, it fails to start with an error.

   Are you running *BSD or SunOS? Check your kernel configuration, make sure you have "options IPFILTER_LOG"