From owner-freebsd-questions@FreeBSD.ORG Thu Feb 26 15:55:00 2009 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 50FFD1065672 for ; Thu, 26 Feb 2009 15:55:00 +0000 (UTC) (envelope-from joost@jodocus.org) Received: from viefep23-int.chello.at (viefep23-int.chello.at [62.179.121.43]) by mx1.freebsd.org (Postfix) with ESMTP id 9FD878FC17 for ; Thu, 26 Feb 2009 15:54:59 +0000 (UTC) (envelope-from joost@jodocus.org) Received: from edge03.upc.biz ([192.168.13.238]) by viefep11-int.chello.at (InterMail vM.7.09.01.00 201-2219-108-20080618) with ESMTP id <20090226153919.NVIJ28446.viefep11-int.chello.at@edge03.upc.biz>; Thu, 26 Feb 2009 16:39:19 +0100 Received: from bps.jodocus.org ([77.248.200.61]) by edge03.upc.biz with edge id LffH1b03N1Kyz9103ffKXL; Thu, 26 Feb 2009 16:39:19 +0100 X-SourceIP: 77.248.200.61 Received: from jodocus.org (localhost [IPv6:::1]) by bps.jodocus.org (8.14.2/8.14.2) with ESMTP id n1QFdHqG004237; Thu, 26 Feb 2009 16:39:17 +0100 (CET) (envelope-from joost@jodocus.org) Received: from 62.12.14.28 (SquirrelMail authenticated user joost) by jodocus.org with HTTP; Thu, 26 Feb 2009 16:39:17 +0100 (CET) Message-ID: <52000.62.12.14.28.1235662757.squirrel@jodocus.org> Date: Thu, 26 Feb 2009 16:39:17 +0100 (CET) From: "Joost Bekkers" To: "Paul Halliday" User-Agent: SquirrelMail/1.4.13 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (bps.jodocus.org [IPv6:::1]); Thu, 26 Feb 2009 16:39:17 +0100 (CET) X-Virus-Scanned: ClamAV 0.94.2/9051/Thu Feb 26 14:08:01 2009 on bps.jodocus.org X-Virus-Status: Clean Cc: questions@freebsd.org Subject: Re: Can stock syslog do hostA -> fileA? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2009 15:55:00 -0000 On Thu, February 26, 2009 15:19, Paul Halliday wrote: > I am collecting syslogs from a PIX and a couple of Barracudas. It would be a lot easier for each to have their own logfile. I have been poking around a bit; I saw this one: > > +host1 /var/log/host1 > > but it doesn't appear to work. Is it being trumped by something else in the config file? Is the syntax wrong? I think you're looking for something like this: !* # reset any previous program selector. Optional +host1 *.* /var/log/host1 +* # reset the host selector. Optional Also keep in mind the default flags for syslogd include a -s which prevents syslogd from logging messages from remote machines. Joost.