log — format of log component configuration


General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the log component configuration.

Repeatable sections/items are marked by a '*' before the section/item name.


Configuration directives have attributes of several value-types. For a description of the basic types, see configuration(7).

An enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, the enumeration description contains the value for every name (in parentheses next to the name). For other enumerations, the use of names is obligatory.

The following enumerations are used in log configuration directives:

time-cond (see common(5))

zip-mode (see common(5))

dbglev (name-usage optional)

Log Debugging Level.

error (3)

Only errors and statistical messages are logged.

warning (4)

Errors, warnings and statistical messages are logged.

normal (6)

Normal level of logging, all operation messages are logged, no debugging.

debug (7)

Debugging level, firewall operations are logged in detail.

trace (8)

Tracing level, firewall routines calls can be traced.

full (9)

Full debug level, full data flow is logged.

logfail-mode (name-usage obligatory)

Logging to syslog failure mode.

This enumeration describes proxy behavior when the syslog daemon is not operating.


ignore

Ignore syslog write failure.

file

Switch logging to file.

stop

Stop proxy immediately.


The configuration of the log library component consists of the following prototypes:

  log { ... }


log {
  level ... ;
  mem-level ... ;
  facility ... ;
  file ... ;
  rotate ... ;
  mem-file ... ;
  syslog-failure ... ;
  data-limit ... ;
  dump-hold-time ... ;
}

Firewall logging parameters.

If omitted, default values of all attributes are used.


FACILITY and FILE are mutually exclusive.

Cannot use ROTATE without FILE.

Items & subsections:

level [value];

Log debugging level.

value (type: dbglev, optional, default: normal=6)


Logging of error messages cannot be switched off.

Maximal logging level is 9 (full).

mem-level value;

Log level for transient logging to memory.

value (type: dbglev)


Logging of error messages cannot be switched off.

Maximal logging level is 9 (full).

facility value;

Syslog LOCALn facility number.

value (type: uint8)


Maximal facility number is 7.

file name [usec];

Name of the file used for logging instead of the syslogd daemon.

If omitted, syslogd is used.

name (type: str)

usec (type: key, optional)

Log time with microseconds.

rotate [user user] [group group] [mode mode] [count count] [size size] [when [zip]];

Log file rotation description.

If user is not specified, PROXY-USER is used.

user user (type: str, optional, default: <NULL>)

Log file owner - user.

group group (type: str, optional, default: "wheel")

Log file owner - group.

mode mode (type: uint16, optional, default: 640)

Log file permissions.

count count (type: uint16, optional, default: 31)

Number of days being archived.

size size (type: uint16, optional, default: 0)

Size limit for rotation in KB (ignore log file size if omitted).

when (type: time-cond, optional, default: anytime)

Rotation periodicity (use SIZE condition if omitted).

zip (type: zip-mode, optional, default: bzip2)

Zipping mode.


Use either size criterion or defined periodicity.

mem-file name [size];

File name (.PID will be added) and size for logging to memory.

name (type: str)

size (type: uint32, optional, default: 16384)

syslog-failure [ignore];

syslog-failure file file;

syslog-failure stop;

Proxy behavior in case of syslog failure.

<branching element> (type: logfail-mode, optional, default: ignore)

file (type: str)

data-limit [bytes];

Per block data limit for full log.

This limit is used as a default value; it can be redefined by means of SOCK-OPT.LOG-LIMIT (see the netio(5) manual page).

bytes (type: uint32, optional, default: 128)

dump-hold-time [seconds];

Extensive log dump hold time.

In various situations, proxies log very extensive dumps. Logging such a dump very often is both space-consuming and meaningless, so the frequency of these dumps can be controlled by this item.

seconds (type: uint32, optional, default: 60)

[End of section log description.]
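The constraints stated for the log section (FACILITY and FILE mutually exclusive, ROTATE only with FILE, facility at most 7, level at most 9) can be checked before a configuration is deployed. The following is an added example, not part of Kernun or of this manual page: the tokenizer is simplified, it assumes string values are written in double quotes, the sample sections and paths are constructed, and the final advisory about the default syslog-failure mode is the example's own policy.

```python
import re

# dbglev names and values as listed in this man page
DBGLEV = {"error": 3, "warning": 4, "normal": 6, "debug": 7, "trace": 8, "full": 9}

def parse_log_section(text):
    """Return {item: [args]} for one log { ... } section (simplified tokenizer)."""
    m = re.search(r"\blog\s*\{(.*)\}", text, re.S)
    if m is None:
        raise ValueError("no log section found")
    items = {}
    for stmt in m.group(1).split(";"):
        tokens = re.findall(r'"[^"]*"|\S+', stmt)
        if tokens:
            items[tokens[0]] = [t.strip('"') for t in tokens[1:]]
    return items

def check_log_section(items):
    """Return a list of violated constraints and advisory findings."""
    problems = []
    if "facility" in items and "file" in items:
        problems.append("facility and file are mutually exclusive")
    if "rotate" in items and "file" not in items:
        problems.append("rotate cannot be used without file")
    fac = (items.get("facility") or [""])[0]
    if "facility" in items and (not fac.isdigit() or int(fac) > 7):
        problems.append("facility must be a number not greater than 7")
    for key in ("level", "mem-level"):
        val = (items.get(key) or [None])[0]
        if val is None:
            continue
        num = DBGLEV[val] if val in DBGLEV else (int(val) if val.isdigit() else None)
        if num is None or num > 9:
            problems.append(f"{key} {val} is not a valid dbglev (maximum 9)")
    # Advisory (this example's policy, not a rule from the man page): with syslog
    # logging and the default mode "ignore", syslog write failures are ignored.
    mode = (items.get("syslog-failure") or ["ignore"])[0]
    if "file" not in items and mode == "ignore":
        problems.append("advisory: syslog write failures are ignored")
    return problems

# Constructed sample sections (not taken from a real firewall)
BAD = 'log { level 10; facility 8; rotate count 14 size 1024; }'
GOOD = 'log { level normal; facility 3; syslog-failure file "/var/log/fallback.log"; }'

if __name__ == "__main__":
    for name, text in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_log_section(parse_log_section(text)))
```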


configuration(7), common(5), netio(5), logging(7)