Date: Mon, 22 Mar 2004 22:09:35 -0600 From: "Brad Tarver" <btarver@fpwk.com> To: <Freebsd-newbies@freebsd.org> Subject: RE: Syslog'ing PIX Message-ID: <B65FDEB7951F47479839690C823FDD1203683DC9@ms01ex01.fpwk.com>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format...
------------=_1080015016-2424-110
content-class: urn:content-classes:message
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
I found it after rereading the syslog.conf(5) man page.
A hostname specification of the form `#+hostname' or `+hostname'
means
the following blocks will be applied to messages received from the
speci-
fied hostname. Alternatively, the hostname specification
`#-hostname' or
`-hostname' causes the following blocks to be applied to messages
from
any host but the one specified. If the hostname is given as `@',
the
local hostname will be used. As for program specifications,
multiple
comma-seprarated values may be specified for hostname
specifications.
Also, there appears to be a problem with the !startslip and !ppp at the
end the 5.2.1-RELEASE default syslog.conf. None of my +hostname lines
were parsed until I put them above the !prog lines.
> -----Original Message-----
> From: Brad Tarver=20=20
> Sent: Monday, March 22, 2004 04:46 PM
> To: 'Freebsd-newbies@freebsd.org'
> Subject: Syslog'ing PIX
>=20
> I know I've done this before, so I know I'm not crazy.
>=20
> I'm trying to log two PIX firewalls, one at 192.168.1.2 and the other
> is
> at 192.168.100.2.
>=20
> Both PIXs are configured like this:
> logging on
> logging timestamp
> logging trap debugging
> logging host inside 10.1.1.126
>=20
> There is a way to tell syslogd to log to different files based on the
> host
> it's coming from:
> hostname1:
> *.* /var/log/hostname1
>=20
> hostname2:
> *.* /var/log/hostname2
>=20
>=20
> I can't remember the modifier that goes on the hostname line to make
> syslog separate the files. Does anyone know? I thought it was a : or a
> !
>=20
>=20
> --
> Brad Tarver, CCNA
> Network Administrator
> Forman Perry Watkins Krutz & Tardy
> 188 East Capitol Street
> Suite 200
> Jackson, MS 39201
> United States
> Ph: 601-960-8600
> Fax: 601-960-8613
>=20
>=20
> Furbling, v.:
> Having to wander through a maze of ropes at an airport or bank
> even when you are the only person in line.
> -- Rich Hall, "Sniglets"
>=20
Important Confidentiality And Limited Liability Notice
This email and any attachments may be confidential and protected by law. If=
you are not the intended recipient, be aware that any disclosure, copying,=
distribution or use of the email or any attachment is prohibited. If you h=
ave received this email in error, please notify us immediately by replying =
to the sender and deleting this copy and the reply from your system. Please=
note that any views or opinions expressed in this email are solely those o=
f the author and do not necessarily represent those of Forman Perry Watkins=
Krutz & Tardy LLP. (FPWK&T). The recipient should check this email and any=
attachments for the presence of viruses. FPWK&T accepts no liability for a=
ny damage caused by any virus transmitted by this email. Thank you for your=
cooperation.
------------=_1080015016-2424-110--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B65FDEB7951F47479839690C823FDD1203683DC9>