How to enable ipfw.log?

Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that adding a line:

? [= Facility LOG_SECURITY] file /var/log/ipfw.log

didn't work, Google searches and documentation that keeps refering to syslog.conf even though it isn't used, man pages for asl.conf that don't help, man pages for ipfw that say logs are sent to facility LOG_SECURITY but asl.conf doesn't seem to recognize that...

Besides just "How do I do this?", is there a resource that clearly explains how logs are handled in 10.8?

It looks like the apples man page for ifpw answers your question.

Typically when apple does this, it means that the DEPRECATED program still lives in osx(darwin) but is not plugged into the os, in any functional way. So it would be better to see if pfctl(8) will suit your needs.

Another approach would be let everyone know the problem, task your attempting to solve, and chances are there is a way to do it, maybe just not how your expecting it to be done?

No, it doesn't.

All due respect, but no... you don't know what the term "deprecated" means. Please look it up. ipfw is there, it works, and having its' logs sent to a different destination than where they're currently going has NOTHING to do with ipfw, and everything to do with the logging subsystem.

I stated my problem quite clearly... I want ipfw logs sent to /var/log/ipfw.log instead of /var/log/system.log I'm not sure why you're replying to a post you either didn't read or didn't understand.

---------- Post updated at 11:37 AM ---------- Previous update was at 07:49 AM ----------

It's always fun to answer my own questions :slight_smile:

In /etc/asl.conf, there's a line:

# kernel messages get saved in system.log
? [= Sender kernel] file /var/log/system.log mode=0600 gid=80 format=bsd

It looks like ipfw logs are all level 7, so:

? [= Sender kernel] [< Level 7] file /var/log/system.log mode=0600 gid=80 format=bsd
? [= Sender kernel] [= Level 7] file /var/log/ipfw.log mode=0600 gid=80 format=bsd

I'm not certain that level 7 will only include ipfw... it's possible other stuff might crop up. But for now, I'm getting the result I expect.

1 Like

Actually, a better recipe:

# IPFW logs
? [= Sender kernel] [A= Message ip] file /var/log/ipfw.log
? [= Sender kernel] [A= Message ip] ignore

# kernel messages get saved in system.log
? [= Sender kernel] file /var/log/system.log mode=0600 gid=80 format=bsd

So far, this seems to be doing just what I want... sending all ipfw/ip6fw logs to ipfw.log and leaving everything else in system.log