Hi Dancho,

Thank you for responding.  Your efforts are appreciated.

> -----Original Message-----
> From: Dancho Penev [mailto:dpenev@mail.bg]
> Sent: Wednesday, January 01, 2003 07:49
> To: Conrad T. Pino
> Cc: netbsd-help@NetBSD.ORG
> Subject: Re: ipfilter logging without ipmon
> 
> >I wanted to use "ipmon -s -D" to log blocked packets to 
> >"syslogd" but had no success.  Nothing appeared in /var/log 
> >and "ipmon" kept writing to the console.  I'll take any
> >suggestions about this problem.
> 
> Did you change /etc/syslog.conf to log local0.* messages in
> separate file ? In my syslog.conf I have:
> 
> local0.*			/var/log/ipfilter

Yes, I added a similar line at the END of the file.  I also modified this
line near the top:

*.info;auth,authpriv,cron,ftp,kern,local0,lpr,mail.none /var/log/messages
                                   ^^^^^^^
which I understand means don't log local0 to the messages log.

Your reply suggests that I had an error in my setup.  I created a new
syslog.conf file with "local0..." line near the top just below the
"kern.debug /var/log/messages" line and everything seems to be working.

> >In the mean time, can anyone shed some light on what happens 
> >if there is no "ipmon" process running to consume the output generated
> >by "ipfilter"?

I ran my system with ipfilter logging but without ipmon for a day.  It
seems the log buffer fills to about ~40 log entries and stops accepting
additional entries.

Thanks again,

Conrad