Task | Description | For Instructions |
---|---|---|
Create a log file. | Create a separate Solaris IP filter log file. | |
View log files. | View state, NAT, and normal log files using the ipmon command. | |
Flush the packet log buffer. | Remove the contents of the packet log buffer using the ipmon -F command. | |
Save logged packets to a file. | Save logged packets to a file for later reference. | |

By default, all log information for Solaris IP Filter is recorded in the syslogd file. You should set up a log file to record Solaris IP Filter traffic information separately from other data that might be logged in the default log file. Perform the following steps.
Assume a role that includes the IP Filter Management rights profile, or become superuser.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Edit the /etc/syslog.conf file by adding the following two lines:
```
# Save IPFilter log output to its own file
local0.debug	/var/log/log-name
```
On the second line, make sure to use the Tab key, not the Spacebar, to separate local0.debug from /var/log/log-name.
Create the new log file.
```
# touch /var/log/log-name
```
Restart the system-log service.
```
# svcadm restart system-log
```
The following example shows how to create ipmon.log to archive IP filter information.
In /etc/syslog.conf:
```
# Save IPFilter log output to its own file
local0.debug	/var/log/ipmon.log
```
At the command line:
```
# touch /var/log/ipmon.log
# svcadm restart system-log
```
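The setup steps above as a script, added here as an example and not part of the original documentation: `add_ipf_log_rule` appends the entry with a real tab and creates the log file, and `lint_ipf_log_rule` reports `local0.debug` entries separated by spaces. Both function names and the owner-only umask are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Solaris documentation. Function names are
# hypothetical; the demo works on a scratch copy, not /etc/syslog.conf.
TAB=$(printf '\t')

# add_ipf_log_rule CONF LOGFILE
# Append the local0.debug entry with a real tab unless a tab-separated
# local0.debug entry already exists, then create the log file.
add_ipf_log_rule() {
    conf=$1
    logfile=$2
    if ! grep "^local0\.debug${TAB}" "$conf" >/dev/null 2>&1; then
        printf '%s\n' '# Save IPFilter log output to its own file' >> "$conf"
        printf 'local0.debug\t%s\n' "$logfile" >> "$conf"
    fi
    # Like touch, but a newly created file is owner-only because it holds
    # traffic records (the 077 umask is an assumption of this example).
    ( umask 077; : >> "$logfile" )
}

# lint_ipf_log_rule CONF
# Print (with line numbers) every local0.debug entry whose selector is not
# followed by tabs only. Returns 1 if such an entry exists, else 0.
lint_ipf_log_rule() {
    if grep -n '^local0\.debug[[:space:]]' "$1" |
        grep -v "^[0-9]*:local0\.debug${TAB}${TAB}*[^ ${TAB}]"; then
        return 1
    fi
    return 0
}

# Demo on constructed input.
demo=$(mktemp -d)
: > "$demo/syslog.conf"
add_ipf_log_rule "$demo/syslog.conf" "$demo/ipmon.log"
lint_ipf_log_rule "$demo/syslog.conf" && echo "separator OK"
printf 'local0.debug /var/log/ipmon.log\n' >> "$demo/syslog.conf"  # space
lint_ipf_log_rule "$demo/syslog.conf" || echo "entry above uses a space"
rm -rf "$demo"
```

On a real host the arguments would be /etc/syslog.conf and /var/log/ipmon.log, followed by `svcadm restart system-log` as in the procedure.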
You should create a separate log file to record Solaris IP Filter data. Refer to How to Set Up a Log File for Solaris IP Filter.
Assume a role that includes the IP Filter Management rights profile, or become superuser.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
View the state, NAT, or normal log files. To view a log file, type the following command, using the appropriate option:
```
# ipmon -o [S|N|I] filename
```
S: Displays the state log file.
N: Displays the NAT log file.
I: Displays the normal IP log file.
To view all state, NAT, and normal log files, use all the options:
```
# ipmon -o SNI filename
```
Provided that you have manually stopped the ipmon daemon first, you can also use the following command to display state, NAT, and Solaris IP filter log files:
```
# ipmon -a filename
```
Do not use the ipmon -a syntax if the ipmon daemon is still running. Normally, the daemon is automatically started during system boot. Issuing the ipmon -a command also opens another copy of ipmon. In such a case, both copies read the same log information, and only one gets a particular log message.
For more information about viewing log files, see the ipmon(1M) man page.
The following example shows the output from /var/ipmon.log.
```
# ipmon -o SNI /var/ipmon.log
02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 129.146.157.145 PR icmp len 20 84 icmp echo/0 IN
```
or
```
# pkill ipmon
# ipmon -aD /var/ipmon.log
02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 129.146.157.145 PR icmp len 20 84 icmp echo/0 IN
```
Assume a role that includes the IP Filter Management rights profile, or become superuser.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Flush the packet log buffer.
```
# ipmon -F
```
The following example shows the output when a log file is removed. The system provides a report even when there is nothing stored in the log file, as in this example.
```
# ipmon -F
0 bytes flushed from log buffer
0 bytes flushed from log buffer
0 bytes flushed from log buffer
```
Assume a role that includes the IP Filter Management rights profile, or become superuser.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Save the logged packets to a file.
```
# cat /dev/ipl > filename
```
Continue logging packets to the filename file until you interrupt the procedure by typing Control-C to get the command line prompt back.
The following example shows the result when logged packets are saved to a file.
```
# cat /dev/ipl > /tmp/logfile
^C#

# ipmon -f /tmp/logfile
02/09/2004 15:30:28.708294 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:30:28.708708 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.792611 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 70 -AP IN
02/09/2004 15:30:28.872000 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.872142 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 43 -AP IN
02/09/2004 15:30:28.872808 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.872951 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 47 -AP IN
02/09/2004 15:30:28.926792 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 40 -A IN
.
.
(output truncated)
```
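A per-flow summary of ipmon text output in the layout shown above, added here as an example and not part of the original documentation. It counts packets, bytes and SYN-only packets for each action, source, destination and protocol; the function names are hypothetical, and lines that do not match the layout are skipped.

```shell
#!/bin/sh
# Added example, not from the Solaris documentation. Function names are
# hypothetical. Assumes the text layout shown in the output on this page:
# date time if @group:rule action src -> dst PR proto len hdrlen pktlen ...

# summarize_ipmon [FILE]
# Reads ipmon text output from FILE (or stdin) and prints one sorted line
# per action/source/destination/protocol:
#   action src -> dst proto pkts=N bytes=N syn=N
summarize_ipmon() {
    awk '
        # Skip anything that is not a packet line, e.g. a truncation marker.
        $7 != "->" || $9 != "PR" || $11 != "len" { next }
        {
            key = $5 " " $6 " -> " $8 " " $10
            pkts[key]++
            bytes[key] += $13          # second number after "len"
            # A bare -S is SYN without ACK, i.e. a new connection attempt.
            if ($10 == "tcp" && $14 == "-S") syn[key]++
        }
        END {
            for (k in pkts)
                printf "%s pkts=%d bytes=%d syn=%d\n", k, pkts[k], bytes[k], syn[k]
        }
    ' "${1:--}" | sort
}

# Sample input: lines copied from the examples on this page.
sample_ipmon_lines() {
    cat <<'EOF'
02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 129.146.157.145 PR icmp len 20 84 icmp echo/0 IN
02/09/2004 15:30:28.708294 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 52 -S IN
02/09/2004 15:30:28.708708 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 40 -A IN
02/09/2004 15:30:28.792611 hme0 @0:1 p 129.146.157.149,33923 -> 129.146.157.145,23 PR tcp len 20 70 -AP IN
(output truncated)
EOF
}

sample_ipmon_lines | summarize_ipmon
```

For a saved binary capture, the input would come from `ipmon -f /tmp/logfile | summarize_ipmon`.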