Date: Mon, 22 Mar 2004 22:09:35 -0600 From: "Brad Tarver" <btarver@fpwk.com> To: <Freebsd-newbies@freebsd.org> Subject: RE: Syslog'ing PIX Message-ID: <B65FDEB7951F47479839690C823FDD1203683DC9@ms01ex01.fpwk.com>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format... ------------=_1080015016-2424-110 content-class: urn:content-classes:message Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline I found it after rereading the syslog.conf(5) man page. A hostname specification of the form `#+hostname' or `+hostname' means the following blocks will be applied to messages received from the speci- fied hostname. Alternatively, the hostname specification `#-hostname' or `-hostname' causes the following blocks to be applied to messages from any host but the one specified. If the hostname is given as `@', the local hostname will be used. As for program specifications, multiple comma-seprarated values may be specified for hostname specifications. Also, there appears to be a problem with the !startslip and !ppp at the end the 5.2.1-RELEASE default syslog.conf. None of my +hostname lines were parsed until I put them above the !prog lines. > -----Original Message----- > From: Brad Tarver=20=20 > Sent: Monday, March 22, 2004 04:46 PM > To: 'Freebsd-newbies@freebsd.org' > Subject: Syslog'ing PIX >=20 > I know I've done this before, so I know I'm not crazy. >=20 > I'm trying to log two PIX firewalls, one at 192.168.1.2 and the other > is > at 192.168.100.2. >=20 > Both PIXs are configured like this: > logging on > logging timestamp > logging trap debugging > logging host inside 10.1.1.126 >=20 > There is a way to tell syslogd to log to different files based on the > host > it's coming from: > hostname1: > *.* /var/log/hostname1 >=20 > hostname2: > *.* /var/log/hostname2 >=20 >=20 > I can't remember the modifier that goes on the hostname line to make > syslog separate the files. Does anyone know? I thought it was a : or a > ! >=20 >=20 > -- > Brad Tarver, CCNA > Network Administrator > Forman Perry Watkins Krutz & Tardy > 188 East Capitol Street > Suite 200 > Jackson, MS 39201 > United States > Ph: 601-960-8600 > Fax: 601-960-8613 >=20 >=20 > Furbling, v.: > Having to wander through a maze of ropes at an airport or bank > even when you are the only person in line. > -- Rich Hall, "Sniglets" >=20 Important Confidentiality And Limited Liability Notice This email and any attachments may be confidential and protected by law. If= you are not the intended recipient, be aware that any disclosure, copying,= distribution or use of the email or any attachment is prohibited. If you h= ave received this email in error, please notify us immediately by replying = to the sender and deleting this copy and the reply from your system. Please= note that any views or opinions expressed in this email are solely those o= f the author and do not necessarily represent those of Forman Perry Watkins= Krutz & Tardy LLP. (FPWK&T). The recipient should check this email and any= attachments for the presence of viruses. FPWK&T accepts no liability for a= ny damage caused by any virus transmitted by this email. Thank you for your= cooperation. ------------=_1080015016-2424-110--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B65FDEB7951F47479839690C823FDD1203683DC9>