How to Set Up a Log File for IP Filter - Securing the Network in Oracle® Solaris 11.2

Securing the Network in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing the Network in Oracle^® ... » Configuring IP Filter » Working With Log Files for IP Filter » How to Set Up a Log File for IP Filter

Updated: August 2014

Securing the Network in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Using Link Protection in Virtualized Environments

Chapter 2 Tuning Your Network

Chapter 3 Web Servers and the Secure Sockets Layer Protocol

Chapter 4 About IP Filter in Oracle Solaris

Chapter 5 Configuring IP Filter

Configuring the IP Filter Service

How to Display IP Filter Service Defaults

How to Create IP Filter Configuration Files

How to Enable and Refresh IP Filter

How to Disable Packet Reassembly

How to Enable Loopback Filtering

How to Disable Packet Filtering

Working With IP Filter Rule Sets

Managing Packet Filtering Rule Sets for IP Filter

Managing NAT Rules for IP Filter

Managing Address Pools for IP Filter

Displaying Statistics and Information for IP Filter

How to View State Tables for IP Filter

How to View State Statistics for IP Filter

How to View IP Filter Tunable Parameters

How to View NAT Statistics for IP Filter

How to View Address Pool Statistics for IP Filter

Working With Log Files for IP Filter

How to Set Up a Log File for IP Filter

How to View IP Filter Log Files

How to Flush the Packet Log Buffer

How to Save Logged Packets to a File

IP Filter Configuration File Examples

Chapter 6 About IP Security Architecture

Chapter 7 Configuring IPsec

Chapter 8 About Internet Key Exchange

Chapter 9 Configuring IKEv2

Chapter 10 Configuring IKEv1

Chapter 11 Troubleshooting IPsec and Its Key Management Services

Chapter 12 IPsec and Key Management Reference

Network Security Glossary

Language:

How to Set Up a Log File for IP Filter

By default, all log information for IP Filter is recorded by syslog. It is good practice to create a log file to record IP Filter traffic information separately from other data that might be logged in the syslog log file.

Before You Begin

You must assume the root role.

Determine which system-log service instance is enabled.

% svcs system-log
STATE          STIME    FMRI
disabled       13:11:55 svc:/system/system-log:rsyslog
online         13:13:27 svc:/system/system-log:default

Note - If the rsyslog service instance is online, modify the rsyslog.conf file.

Edit the /etc/syslog.conf file by adding the following two lines:
```
# Save IP Filter log output to its own file 
local0.debug             /var/log/log-name
```
Note - In your entry, use the Tab key, not the Spacebar, to separate local0.debug from /var/log/log-name. For more information, see the syslog.conf(4) and syslogd(1M) man pages.
Create the new log file.
```
# touch /var/log/log-name
```
Refresh the configuration information for the system-log service.
```
# svcadm refresh system-log:default
```
Note - Refresh the system-log:rsyslog service instance if the rsyslog service is enabled.

Example 5-16 Creating an IP Filter Log

The following example shows how to create ipmon.log to archive IP Filter information.

Edit the syslog.conf.

pfedit /etc/syslog.conf
## Save IP Filter log output to its own file
local0.debug<Tab>/var/log/ipmon.log

Then, on the command line, create the file and restart the service.

# touch /var/log/ipmon.log
# svcadm restart system-log

Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices