Oracle Solaris Administration: IP Services     Oracle Solaris 11 Information Library

Working With Log Files for IP Filter

Table 21-5 Working With IP Filter Log Files (Task Map)

Task                          Description                                                                For Instructions
Create a log file.            Create a separate IP Filter log file.                                      How to Set Up a Log File for IP Filter
View log files.               View state, NAT, and normal log files using the ipmon command.             How to View IP Filter Log Files
Flush the packet log buffer.  Remove the contents of the packet log buffer using the ipmon -F command.   How to Flush the Packet Log File
Save logged packets to a file. Save logged packets to a file for later reference.                        How to Save Logged Packets to a File

How to Set Up a Log File for IP Filter

By default, all log information for IP Filter is recorded in the syslogd file. You should set up a log file to record IP Filter traffic information separately from other data that might be logged in the default log file. Perform the following steps.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Edit the /etc/syslog.conf file by adding the following two lines:
    # Save IP Filter log output to its own file 
    local0.debug             /var/log/log-name

    Note - On the second line, make sure to use the Tab key, not the Spacebar, to separate local0.debug from /var/log/log-name.


  3. Create the new log file.
    # touch /var/log/log-name
  4. Restart the system-log service.
    # svcadm restart system-log

Example 21-20 Creating an IP Filter Log

The following example shows how to create ipmon.log to archive IP Filter information.

In /etc/syslog.conf:

# Save IP Filter log output to its own file 
local0.debug             /var/log/ipmon.log

At the command line:

# touch /var/log/ipmon.log
# svcadm restart system-log
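
The tab requirement in step 2 and the file creation in step 3 are easy to get wrong silently, so the following check covers both. It is an added example, not part of the Oracle documentation; the function name check_ipf_syslog, its return codes, and the sample entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation): lint the IP Filter entry
# in a syslog.conf-style file. The function name and return codes are assumptions.
#   0 = tab-separated entry whose log file exists
#   1 = entry separated with spaces   2 = no entry   3 = log file missing
check_ipf_syslog() {
    conf=$1
    want=${2:-local0.debug}
    result=$(awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        match($0, /[ \t]+/) {
            selector = substr($0, 1, RSTART - 1)
            if (index(selector, want) == 0) next
            sep = substr($0, RSTART, RLENGTH)   # whitespace between the fields
            action = substr($0, RSTART + RLENGTH)
            kind = index(sep, " ") ? "spaces" : "tabs"
            print kind " " action
            exit
        }' "$conf")
    if [ -z "$result" ]; then
        echo "no $want entry in $conf"; return 2
    fi
    kind=${result%% *}
    action=${result#* }
    if [ "$kind" = spaces ]; then
        echo "$want and $action are separated by spaces; use tabs"; return 1
    fi
    if [ ! -f "$action" ]; then
        echo "$action does not exist; create it with touch"; return 3
    fi
    echo "ok: $want -> $action"
}

# Constructed sample: the entry typed with the Spacebar instead of the Tab key.
sample=$(mktemp)
printf 'local0.debug             /var/log/ipmon.log\n' > "$sample"
check_ipf_syslog "$sample" || echo "check failed with status $?"
rm -f "$sample"
```

Run it against /etc/syslog.conf before restarting the system-log service; a nonzero status means IP Filter records would not reach the separate log file.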

How to View IP Filter Log Files

Before You Begin

You should create a separate log file to record IP Filter data. Refer to How to Set Up a Log File for IP Filter.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View the state, NAT, or normal log files. To view a log file, type the following command, using the appropriate option:
    # ipmon -o [S|N|I] filename

    S    Displays the state log file.
    N    Displays the NAT log file.
    I    Displays the normal IP log file.

    To view all state, NAT, and normal log files, use all the options:

    # ipmon -o SNI filename
    • Provided that you have manually stopped the ipmon daemon first, you can also use the following command to display state, NAT, and IP filter log files:
      # ipmon -a filename

      Note - Do not use the ipmon -a syntax if the ipmon daemon is still running. Normally, the daemon is automatically started during system boot. Issuing the ipmon -a command also opens another copy of ipmon. In such a case, both copies read the same log information, and only one gets a particular log message.


    For more information about viewing log files, see the ipmon(1M) man page.

Example 21-21 Viewing IP Filter Log Files

The following example shows the output from /var/ipmon.log.

# ipmon -o SNI /var/ipmon.log
02/09/2004 15:27:20.606626 bge0 @0:1 p 129.146.157.149 -> 
129.146.157.145 PR icmp len 20 84 icmp echo/0 IN

or

# pkill ipmon
# ipmon -aD /var/ipmon.log
02/09/2004 15:27:20.606626 bge0 @0:1 p 129.146.157.149 -> 
129.146.157.145 PR icmp len 20 84 icmp echo/0 IN

How to Flush the Packet Log File

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Flush the packet log buffer.
    # ipmon -F

Example 21-22 Flushing the Packet Log File

The following example shows the output when the packet log buffer is flushed. The system provides a report even when there is nothing stored in the buffer, as in this example.

# ipmon -F
0 bytes flushed from log buffer
0 bytes flushed from log buffer
0 bytes flushed from log buffer

How to Save Logged Packets to a File

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Save the logged packets to a file.
    # cat /dev/ipl > filename

    Continue logging packets to the filename file until you interrupt the procedure by typing Control-C to get the command line prompt back.

Example 21-23 Saving Logged Packets to a File

The following example shows the result when logged packets are saved to a file.

# cat /dev/ipl > /tmp/logfile
^C#

# ipmon -f /tmp/logfile
02/09/2004 15:30:28.708294 bge0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:30:28.708708 bge0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.792611 bge0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 70 -AP IN
02/09/2004 15:30:28.872000 bge0 @0:1 p 129.146.157.149,33923 -> 
 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.872142 bge0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 43 -AP IN
02/09/2004 15:30:28.872808 bge0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.872951 bge0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 47 -AP IN
02/09/2004 15:30:28.926792 bge0 @0:1 p 129.146.157.149,33923 -> 
  129.146.157.145,23 PR tcp len 20 40 -A IN 
.
.
(output truncated)
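
Once packets are saved and rendered with ipmon -f, the text records can be summarised rather than read line by line. The following is an added example, not part of the Oracle documentation: it counts new TCP connection attempts (SYN without ACK) per source, destination, and destination port. The function names are assumptions, the sample records are constructed from the format shown above (the 192.0.2.7 records are invented), and each record is assumed to be on a single line rather than wrapped as in the printed examples.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation): summarise new TCP
# connection attempts from ipmon text output read on stdin.
# Output: "<count> <source> <destination> <destination-port>", busiest first.
ipmon_syn_summary() {
    awk '
        {
            arrow = 0; proto = ""; flags = ""
            # Locate fields by keyword so an optional leading token does not matter
            for (i = 1; i <= NF; i++) {
                if ($i == "->") arrow = i
                if ($i == "PR") { proto = $(i + 1); flags = $(i + 5) }
            }
            if (!arrow || proto != "tcp") next
            # Flags follow "len <header> <total>": keep SYN set and ACK clear
            if (flags !~ /^-[A-Z]*S/ || flags ~ /A/) next
            split($(arrow - 1), s, ",")      # source address,port
            split($(arrow + 1), d, ",")      # destination address,port
            n[s[1] " " d[1] " " d[2]]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records in the ipmon format shown on this page.
sample_ipmon_lines() {
cat <<'EOF'
02/09/2004 15:30:28.708294 bge0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:30:28.708708 bge0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:29.100000 bge0 @0:1 p 192.0.2.7,40001 -> 129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:30:29.200000 bge0 @0:1 p 192.0.2.7,40002 -> 129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:27:20.606626 bge0 @0:1 p 129.146.157.149 -> 129.146.157.145 PR icmp len 20 84 icmp echo/0 IN
EOF
}

sample_ipmon_lines | ipmon_syn_summary
```

On a live system, the input would be the output of ipmon -f filename piped into ipmon_syn_summary.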