ホストOS:Debian GNU/Linux 10.7
ゲストOS:FreeBSD 12.2-RELEASE r366954 GENERIC amd64 

iplog 2.2.3 by Ryan McCabe



# pkg install iplog-2.2.3_3
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        iplog: 2.2.3_3

Number of packages to be installed: 1

35 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching iplog-2.2.3_3.txz: 100%   35 KiB  35.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing iplog-2.2.3_3...
[1/1] Extracting iplog-2.2.3_3: 100%
Message from iplog-2.2.3_3:


# cp /usr/local/etc/iplog.conf.sample /usr/local/etc/iplog.conf

interfaceはifconfigで確認し、監視ポートは適宜環境に合わせて設定する。

# vi /usr/local/etc/iplog.conf

** $Id: example-iplog.conf,v 1.2 2000/12/31 18:40:40 odin Exp $
** Example iplog configuration file.
** Edit me and copy me to /usr/local/etc/iplog.conf
** See iplog.conf(5) for details on syntax and a full description
** of available options.

# Run as an unprivileged account with the login "iplog"
user iplog

# Run with group "nogroup"
group nogroup

# User "iplog" has write permission for the directory "/var/run/iplog"
pid-file /var/run/iplog/iplog.pid

# Log to /var/log/iplog
logfile /var/log/iplog

# Use the syslog(3) facility log_daemon.
facility log_daemon

# Use the syslog(3) priority (level) log_info.
priority log_info

# Log the IP address as well as the hostname of packets.
set log_ip true

# Do not log the destination of packets.
set log_dest false

# Ignore DNS traffic from nameservers in /etc/resolv.conf.
#set ignore_dns

# Listen on vtnet0 (check the name with ifconfig); skip ICMP and
# traffic to ports 53 (DNS) and 123 (NTP) so they do not flood the log
interface vtnet0
ignore icmp
ignore tcp dport 53
ignore udp dport 53
ignore udp dport 123

# Operate in promiscuous mode and watch the 192.168.0.x network
# promisc

** Ignore DNS traffic from nameservers.
** Using the -d option will add similar rules for all nameservers
** listed in /etc/resolv.conf
#ignore udp from <nameserver-1-ip> sport 53
#ignore udp from <nameserver-2-ip> sport 53

# Example log statement.
#log tcp dport 1045:1055 sport ftp-data

# Ignore ftp-data connections (source port 20) to ports 1024 and above.
#ignore tcp dport 1024: sport 20

# Ignore WWW connections, if you're running a WWW server.
#ignore tcp dport 80

# Ignore ICMP unreach.
#ignore icmp type unreach

# Ignore all ICMP except ICMP echo packets.
#ignore icmp type !echo

# Ignore UDP traffic from the 127.1.2 network
#ignore udp from 127.1.2/24

# or
#ignore udp from 127.1.2/


# vi /etc/rc.conf
iplog_enable="YES"

# /usr/local/etc/rc.d/iplog start
Starting iplog.


# vi /etc/newsyslog.conf
/var/log/iplog iplog:nogroup 644 10 1024 * J /var/run/iplog/iplog.pid