HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

cron      ftp       authpriv
audit     logalert  local0
local1    local2    local3
local4    local5    local6
local7
The valid values for priority are:
emerg     alert     crit
err       warn      notice
info      debug
Example:
block in log level auth.info quick on lan0 from 20.20.20.0/24 to any
block in log level auth.alert quick on lan0 proto tcp from any to 20.20.20.0/24 port = 21
first
You can use the first option with the log keyword to log only the first instance of a certain type
of packet. For example, it might not be important to log 500 attempts to probe your telnet port
from one source. It is a good idea to log the first attempt, however.
The first option only applies to packets in a specific session. You can use the first option to
monitor traffic on your system. For best results, use the first option in conjunction with rules that use
pass and keep state.
Example:
pass in log first proto tcp from any to any flags S keep state
body
You can use the body option with the log keyword to track parts of an IP packet in addition to
the packet header information. IPFilter logs the first 128 bytes of a packet if the body option is
specified. For example:
block in log body proto tcp from 192.168.1.1 to any flags S keep state
NOTE: Using the body option with the log keyword can make your log files very long. Limit the
use of the body option to necessary instances.
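The log options described above (level, first, body) can be checked mechanically before a ruleset is loaded. The following Python linter is an added example, not part of the HP guide: the function names and the last two sample rules are constructed, and the facility set holds only the names visible in this section plus auth from its examples.

```python
import re

# Facilities: the names visible in this section plus "auth" from its examples.
# The guide's list begins on the previous page, so this set is incomplete.
FACILITIES = {"auth", "cron", "ftp", "authpriv", "audit", "logalert",
              *(f"local{i}" for i in range(8))}
PRIORITIES = {"emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"}

# The log keyword followed by the options this section covers.
LOG_RE = re.compile(r"\blog\b((?:\s+(?:body\b|first\b|level\s+\S+))*)")

def lint_rule(rule):
    """Return findings about the log options of one ipf rule line."""
    m = LOG_RE.search(rule)
    if not m:
        return []
    opts = m.group(1).split()
    stateful_pass = rule.split()[0] == "pass" and "keep state" in rule
    findings = []
    if "level" in opts:
        # ipf(5) also accepts a bare priority, so the facility part is optional.
        facility, dot, priority = opts[opts.index("level") + 1].rpartition(".")
        if dot and facility not in FACILITIES:
            findings.append(f"facility '{facility}' is not in this section's list")
        if priority not in PRIORITIES:
            findings.append(f"priority '{priority}' is not in this section's list")
    if "body" in opts:
        findings.append("log body records the first 128 bytes of each packet")
    if "first" in opts and not stateful_pass:
        findings.append("first is per session; rule is not pass ... keep state")
    if "first" not in opts and stateful_pass:
        findings.append("stateful pass rule logs without first")
    return findings

def lint_ruleset(text):
    """Map line number to findings for every rule line that has any."""
    rules = enumerate((ln.split("#", 1)[0].strip() for ln in text.splitlines()), 1)
    return {n: found for n, rule in rules if (found := lint_rule(rule))}

# Constructed sample: lines 1-2 are the guide's examples, 3-4 are made up.
SAMPLE = """\
pass in log first proto tcp from any to any flags S keep state
block in log body proto tcp from 192.168.1.1 to any flags S keep state
pass in log level local8.verbose proto tcp from any to any port = 23 keep state
block in log first level auth.crit on lan0 all
"""

if __name__ == "__main__":
    print(lint_ruleset(SAMPLE))
```
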
Using ipmon to view IPFilter log entries
The ipmon utility displays IPFilter log entries. To configure IPFilter to create log entries, specify the
log keyword in IPFilter rules, as described in Section (page 67). The ipmon utility can also display
the state table log, the NAT log, or any combination of these three. You can run ipmon in the
foreground or as a daemon that logs to syslog or a file.
Log files include both IPv4 and IPv6 log records, ordered according to the time IPFilter receives
the packets.
Syntax
ipmon -options
Options
-a Opens and reads data from all available log files. Equivalent
to -o NSI.