# Limit ipmon logging



## Hornpipe2 (Nov 17, 2009)

I use ipf + ipnat to route my LAN onto the network through a FreeBSD gateway.  The gateway is running ipmon and it's dumping every single packet to /var/log/messages, making the logfile essentially useless to me.

How can I limit the amount of logging that ipmon does?  (I start it with ipmon -Ds in rc.conf)


----------



## DutchDaemon (Nov 17, 2009)

Add a filename on the command line and drop the -s?


----------



## Hornpipe2 (Nov 17, 2009)

Well, I'm okay with "important" messages from ipmon landing in /var/log/messages.  The problem is that it's writing "passed" packets there too, which are uninteresting to me right now.

Maybe I could just disable ipmon logging entirely when ipf seems to be doing what it is supposed to be doing.  But that's kind of a drastic solution, and anyway the logs might be useful for troubleshooting a later firewall issue.  I'd rather have it log only when it runs into a specific "log" rule in the ipf.rules set.


----------



## DutchDaemon (Nov 17, 2009)

There are some specifics to the -s flag, look in ipmon(8).

E.g.


> LOG_INFO - packets logged using the "log" keyword as the  action
> rather than pass or block.


----------

