System Administration Guide: IP Services

Working With Log Files for Oracle Solaris IP Filter

Table 26–6 Working With Oracle Solaris IP Filter Log Files (Task Map)

Task: Create a log file.
Description: Create a separate Oracle Solaris IP Filter log file.
For Instructions: How to Set Up a Log File for Oracle Solaris IP Filter

Task: View log files.
Description: View state, NAT, and normal log files using the ipmon command.
For Instructions: How to View Oracle Solaris IP Filter Log Files

Task: Flush the packet log buffer.
Description: Remove the contents of the packet log buffer using the ipmon -F command.
For Instructions: How to Flush the Packet Log File

Task: Save logged packets to a file.
Description: Save logged packets to a file for later reference.
For Instructions: How to Save Logged Packets to a File

Procedure: How to Set Up a Log File for Oracle Solaris IP Filter

By default, all Oracle Solaris IP Filter log information is recorded in the default syslogd log file. Set up a separate log file so that Oracle Solaris IP Filter traffic information is kept apart from the other data that is logged in the default file. Perform the following steps.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Edit the /etc/syslog.conf file by adding the following two lines:


    # Save IPFilter log output to its own file 
    local0.debug             /var/log/log-name
    

    Note –

    On the second line, make sure to use the Tab key, not the Spacebar, to separate local0.debug from /var/log/log-name.


  3. Create the new log file.


    # touch /var/log/log-name
    
  4. Restart the system-log service.


    # svcadm restart system-log
    

Example 26–21 Creating an Oracle Solaris IP Filter Log

The following example shows how to create ipmon.log to archive IP filter information.

In /etc/syslog.conf:


# Save IPFilter log output to its own file 
local0.debug             /var/log/ipmon.log

At the command line:


# touch /var/log/ipmon.log
# svcadm restart system-log
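The following POSIX shell script is an added example, not code from the Oracle guide: it writes the two syslog.conf lines from step 2 with a real Tab character and checks an existing configuration for the space-versus-Tab mistake the note above warns about. The add_ipf_syslog_entry, check_ipf_syslog_entry and ipf_log_path functions and the sample configuration files are constructed here; run the check against a copy of /etc/syslog.conf before restarting system-log.

```shell
#!/bin/sh
# Added example (not part of the Oracle guide): write and verify the
# /etc/syslog.conf entry for IP Filter. syslogd expects a Tab between the
# selector and the action field; an entry written with spaces is not
# recognised, so the separate log file never receives IP Filter records.

TAB="$(printf '\t')"

# add_ipf_syslog_entry FILE LOGNAME
#   Append the two lines from the procedure above to FILE, using a real Tab.
add_ipf_syslog_entry() {
    printf '# Save IPFilter log output to its own file\n' >> "$1"
    printf 'local0.debug\t/var/log/%s\n' "$2" >> "$1"
}

# check_ipf_syslog_entry FILE
#   Exit status 0: a Tab-separated local0.debug entry exists.
#                1: an entry exists but is space-separated (syslogd will not use it).
#                2: no local0.debug entry at all.
check_ipf_syslog_entry() {
    if grep "^local0\.debug${TAB}" "$1" >/dev/null 2>&1; then
        return 0
    elif grep "^local0\.debug " "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 2
}

# ipf_log_path FILE: print the log file named by a correctly written entry.
ipf_log_path() {
    grep "^local0\.debug${TAB}" "$1" | awk '{ print $2; exit }'
}

# Constructed sample configurations (temporary files, not the live /etc/syslog.conf).
SAMPLE_DIR="$(mktemp -d)"
GOOD_CONF="$SAMPLE_DIR/good.conf"
BAD_CONF="$SAMPLE_DIR/bad.conf"
printf '*.err;kern.notice;auth.notice\t/dev/sysmsg\n' > "$GOOD_CONF"
add_ipf_syslog_entry "$GOOD_CONF" ipmon.log
printf '*.err;kern.notice;auth.notice\t/dev/sysmsg\n' > "$BAD_CONF"
printf 'local0.debug             /var/log/ipmon.log\n' >> "$BAD_CONF"  # spaces: the mistake the note warns about

for f in "$GOOD_CONF" "$BAD_CONF"; do
    if check_ipf_syslog_entry "$f"; then
        echo "$f: OK, IP Filter logs go to $(ipf_log_path "$f")"
    else
        rc=$?
        echo "$f: entry missing or space-separated (status $rc)"
    fi
done
```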

Procedure: How to View Oracle Solaris IP Filter Log Files

Before You Begin

You should create a separate log file to record Oracle Solaris IP Filter data. Refer to How to Set Up a Log File for Oracle Solaris IP Filter.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View the state, NAT, or normal log files. To view a log file, type the following command, using the appropriate option:


    # ipmon -o [S|N|I] filename
    
    S

    Displays the state log file.

    N

    Displays the NAT log file.

    I

    Displays the normal IP log file.

    To view all state, NAT, and normal log files, use all the options:


    # ipmon -o SNI filename
    
    • Provided that you have manually stopped the ipmon daemon first, you can also use the following command to display state, NAT, and Oracle Solaris IP filter log files:


      # ipmon -a filename
      

      Note –

      Do not use the ipmon -a syntax if the ipmon daemon is still running. Normally, the daemon is started automatically during system boot. If it is running, issuing the ipmon -a command starts a second copy of ipmon. Both copies then read the same log information, and each log message is delivered to only one of them.


    For more information about viewing log files, see the ipmon(1M) man page.


Example 26–22 Viewing Oracle Solaris IP Filter Log Files

The following example shows the output from /var/ipmon.log.


# ipmon -o SNI /var/ipmon.log
02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 
129.146.157.145 PR icmp len 20 84 icmp echo/0 IN

or


# pkill ipmon
# ipmon -aD /var/ipmon.log
02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 
129.146.157.145 PR icmp len 20 84 icmp echo/0 IN

Procedure: How to Flush the Packet Log File

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Flush the packet log buffer.


    # ipmon -F
    

Example 26–23 Flushing the Packet Log File

The following example shows the output when the packet log buffer is flushed. The system reports the number of bytes flushed even when the buffer holds nothing, as in this example.


# ipmon -F
0 bytes flushed from log buffer
0 bytes flushed from log buffer
0 bytes flushed from log buffer

Procedure: How to Save Logged Packets to a File

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Save the logged packets to a file.


    # cat /dev/ipl > filename
    

    Packets continue to be logged to the filename file until you interrupt the command by typing Control-C, which returns the command line prompt.


Example 26–24 Saving Logged Packets to a File

The following example shows the result when logged packets are saved to a file.


# cat /dev/ipl > /tmp/logfile
^C#

# ipmon -f /tmp/logfile
02/09/2004 15:30:28.708294 hme0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:30:28.708708 hme0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.792611 hme0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 70 -AP IN
02/09/2004 15:30:28.872000 hme0 @0:1 p 129.146.157.149,33923 -> 
 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.872142 hme0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 43 -AP IN
02/09/2004 15:30:28.872808 hme0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.872951 hme0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 47 -AP IN
02/09/2004 15:30:28.926792 hme0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 40 -A IN 
.
.
(output truncated)
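As an added example that is not part of the Oracle guide, the following POSIX shell script parses the ipmon text format shown in Examples 26–22 and 26–24 (the format produced by ipmon -o SNI and by ipmon -f on a file saved from /dev/ipl) and summarises which sources were passed or blocked. The sample log lines, the address 192.0.2.77 and the rule @0:3 are constructed, and the ipmon_summary and blocked_syns functions assume the default ipmon line layout and a nawk-compatible awk.

```shell
#!/bin/sh
# Added example (not part of the Oracle guide): summarise ipmon text output.
# Default ipmon line layout, as in the examples above (one record per line):
#   date time iface @group:rule action src[,port] -> dst[,port] PR proto len hdr total [flags] direction
# action p = passed, b = blocked. Assumes a nawk-compatible awk
# (on Solaris use nawk or /usr/xpg4/bin/awk rather than /usr/bin/awk).

# Constructed sample log: the telnet session from the guide plus two blocked
# SYNs from a made-up address (192.0.2.77) hitting a made-up rule @0:3.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
02/09/2004 15:30:28.708294 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:30:28.708708 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:31:02.114000 hme0 @0:3 b 192.0.2.77,41000 -> 129.146.157.145,22 PR tcp len 20 60 -S IN
02/09/2004 15:31:02.514000 hme0 @0:3 b 192.0.2.77,41001 -> 129.146.157.145,22 PR tcp len 20 60 -S IN
02/09/2004 15:31:05.000000 hme0 @0:1 p 129.146.157.149 -> 129.146.157.145 PR icmp len 20 84 icmp echo/0 IN
EOF

# ipmon_summary FILE: one line per (action, protocol, source, destination[:port]),
# prefixed by the packet count, most frequent first.
ipmon_summary() {
    awk '$7 == "->" && $9 == "PR" {
            split($6, s, ","); split($8, d, ",")
            dst = d[1]; if (d[2] != "") dst = dst ":" d[2]
            count[$5 " " $10 " " s[1] " " dst]++
         }
         END { for (k in count) print count[k], k }' "$1" | sort -rn
}

# blocked_syns FILE: blocked TCP packets carrying only the SYN flag ("-S"),
# counted per source address; repeated hits point at scanning or brute-force attempts.
blocked_syns() {
    awk '$5 == "b" && $10 == "tcp" && $14 == "-S" {
            split($6, s, ","); syn[s[1]]++
         }
         END { for (a in syn) print syn[a], a }' "$1" | sort -rn
}

echo "== packet summary =="; ipmon_summary "$SAMPLE_LOG"
echo "== blocked SYNs per source =="; blocked_syns "$SAMPLE_LOG"
```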