From owner-freebsd-newbies@FreeBSD.ORG Mon Mar 22 20:08:58 2004 Return-Path: Delivered-To: freebsd-newbies@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F58216A4CE for ; Mon, 22 Mar 2004 20:08:58 -0800 (PST) Received: from smtp.fpwk.com (smtp.fpwk.com [65.218.71.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id D075143D48 for ; Mon, 22 Mar 2004 20:08:57 -0800 (PST) (envelope-from btarver@fpwk.com) Received: by smtp.fpwk.com; Mon, 22 Mar 2004 22:10:16 -0600 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_1080015016-2424-110" Date: Mon, 22 Mar 2004 22:09:35 -0600 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Syslog'ing PIX Thread-Index: AcQQX3/9VgpXH0ISSbClOjRA+0GhIAALAb7Q From: "Brad Tarver" To: X-Scanned-By: MIMEDefang 2.41 Subject: RE: Syslog'ing PIX X-BeenThere: freebsd-newbies@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Gathering place for new users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Mar 2004 04:08:58 -0000 This is a multi-part message in MIME format... ------------=_1080015016-2424-110 content-class: urn:content-classes:message Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline I found it after rereading the syslog.conf(5) man page. A hostname specification of the form `#+hostname' or `+hostname' means the following blocks will be applied to messages received from the speci- fied hostname. Alternatively, the hostname specification `#-hostname' or `-hostname' causes the following blocks to be applied to messages from any host but the one specified. If the hostname is given as `@', the local hostname will be used. As for program specifications, multiple comma-seprarated values may be specified for hostname specifications. Also, there appears to be a problem with the !startslip and !ppp at the end the 5.2.1-RELEASE default syslog.conf. None of my +hostname lines were parsed until I put them above the !prog lines. > -----Original Message----- > From: Brad Tarver=20=20 > Sent: Monday, March 22, 2004 04:46 PM > To: 'Freebsd-newbies@freebsd.org' > Subject: Syslog'ing PIX >=20 > I know I've done this before, so I know I'm not crazy. >=20 > I'm trying to log two PIX firewalls, one at 192.168.1.2 and the other > is > at 192.168.100.2. >=20 > Both PIXs are configured like this: > logging on > logging timestamp > logging trap debugging > logging host inside 10.1.1.126 >=20 > There is a way to tell syslogd to log to different files based on the > host > it's coming from: > hostname1: > *.* /var/log/hostname1 >=20 > hostname2: > *.* /var/log/hostname2 >=20 >=20 > I can't remember the modifier that goes on the hostname line to make > syslog separate the files. Does anyone know? I thought it was a : or a > ! >=20 >=20 > -- > Brad Tarver, CCNA > Network Administrator > Forman Perry Watkins Krutz & Tardy > 188 East Capitol Street > Suite 200 > Jackson, MS 39201 > United States > Ph: 601-960-8600 > Fax: 601-960-8613 >=20 >=20 > Furbling, v.: > Having to wander through a maze of ropes at an airport or bank > even when you are the only person in line. > -- Rich Hall, "Sniglets" >=20 Important Confidentiality And Limited Liability Notice This email and any attachments may be confidential and protected by law. If= you are not the intended recipient, be aware that any disclosure, copying,= distribution or use of the email or any attachment is prohibited. If you h= ave received this email in error, please notify us immediately by replying = to the sender and deleting this copy and the reply from your system. Please= note that any views or opinions expressed in this email are solely those o= f the author and do not necessarily represent those of Forman Perry Watkins= Krutz & Tardy LLP. (FPWK&T). The recipient should check this email and any= attachments for the presence of viruses. FPWK&T accepts no liability for a= ny damage caused by any virus transmitted by this email. Thank you for your= cooperation. ------------=_1080015016-2424-110--