In order to enable logging, the CFGFILT command
must be run with the '-d' parameter:
cfgfilt -d start
The 'start' parameter is optional.
This command may be run at any time. However, the easiest way to enable
logging is to include the '-d' parameter when packet filtering is first
activated (using the '-u' and '-i' parameters), i.e.
cfgfilt -u -i -d
This command would presumably be called from one of the TCP/IP startup routines. (Refer to the section Starting the firewall for more information.)
When logging is enabled, the CFGFILT command, when run with no parameters,
should show the following near the top of its output:
Status of packet logging : enabled.
The log daemon
In order to use logging, the log daemon must be running. This is a server process which handles logging requests from the filter device driver, and writes the appropriate entries into a log file.
The log daemon may be started manually by using the command:
fssd
However, in most cases it is more convenient to start the log daemon automatically
during system startup. This may be done by adding the following line to
x:\TCPIP\BIN\TCPEXIT.CMD (where x is the drive on which TCP/IP is
installed):
detach fssd.exe
Using the 'detach' command will cause the log daemon to run as a background process.