From: "David Robillard"
To: "FreeBSD Questions"
Date: Thu, 14 Dec 2006 14:02:14 -0500
Subject: Re: remote syslog to specific file

> Hello,
>
> I am trying to log my sonicwall FW log to a specific file…
> For the moment all logs are sent to /var/log/messages
> I would like them to go to /var/log/sonic.log
>
> I have tried a couple of things which do not seem to work, among them :
>
> +fw.xxx.yyy
> local0.*		/var/log/sonic.log
> +@
> --> not working
>
> local0.*		/var/log/sonic.log
> --> not working either
>
> In /var/log/messages my logs are of that format :
>
> Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C time="2006-12-14
> 14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 msg="TCP connection
> dropped" n=183 src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee
> dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135
>
> Any help would be welcome.

Try installing those two lines in your syslog.conf(5) file and make
sure you use TAB instead of spaces.

!fw
*.*	/var/log/sonic.log

Then issue a `sudo touch /var/log/sonic.log` as the file must exist
before syslogd(8) can write to it (i.e. syslogd(8) does not create
files). After this run `sudo /etc/rc.d/syslogd restart` to instruct
syslogd(8) of the changes you've made to syslog.conf(5).

Finally, make sure you edit newsyslog.conf(5) with something like this
to keep your /var file system from filling up.

/var/log/sonic.log	www:wheel	640	7	100	*	J

man newsyslog.conf for more on newsyslog.conf(5)'s syntax.

Cheers,

David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
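
Added example, not part of the original message: once the firewall entries are in their own file, a short Python parser for the key=value format quoted above turns each line into a record that can be filtered or alerted on. The ip:port:zone:name reading of src/dst is an assumption inferred from the quoted sample, and parse_line, split_endpoint and SAMPLE are hypothetical names.

```python
import re
import shlex

# Constructed sample: the wrapped log line quoted in the message, rejoined
# (serial number left masked exactly as it appears there).
SAMPLE = ('Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C '
          'time="2006-12-14 14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 '
          'msg="TCP connection dropped" n=183 '
          'src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee '
          'dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135')

# Prefix written by syslogd: "Mmm dd hh:mm:ss host ", then the device payload.
PREFIX = re.compile(
    r'^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<body>.*)$')


def split_endpoint(value):
    """Split 'ip:port:zone:name' (assumed IPv4 layout); later parts may be absent."""
    parts = value.split(':', 3)
    parts += [None] * (4 - len(parts))
    ip, port, zone, name = parts
    return {'ip': ip,
            'port': int(port) if port and port.isdigit() else None,
            'zone': zone, 'name': name}


def parse_line(line):
    """Return a dict for one firewall line, or None if it is something else."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    try:
        tokens = shlex.split(m.group('body'))  # keeps "quoted values" whole
    except ValueError:                         # unbalanced quote: skip line
        return None
    fields = dict(t.split('=', 1) for t in tokens if '=' in t)
    if fields.get('id') != 'firewall':         # other daemons' messages
        return None
    record = {'received': m.group('stamp'), 'host': m.group('host'), **fields}
    for key in ('src', 'dst'):
        if key in record:
            record[key] = split_endpoint(record[key])
    return record


if __name__ == '__main__':
    print(parse_line(SAMPLE))
```
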