Date: Wed, 28 May 2003 23:39:54 +0300 (EEST)
From: "Taras Y. NIZHNIK" <taren@el.ntu-kpi.kiev.ua>
To: "Simon L. Nielsen" <simon@nitro.dk>
Cc: security@freebsd.org
Subject: Re: FW: Question about logging.
Message-ID: <20030528233144.R52694-100000@doppelganger.el.ntu-kpi.kiev.ua>
In-Reply-To: <20030528201417.GA3741@nitro.dk>

On Wed, 28 May 2003, Simon L. Nielsen wrote:

> > > I think you can use something like this in syslog.conf (untested) :
> > >
> > > !-ipfw
> > > *.err;kern.debug;auth.notice;mail.crit /dev/console
> > This would match log entries generated by a userland application named
> > 'ipfw'. The ipfw log lines are, however, generated by the *kernel*, and
> > they would never match this rule.
> Ehh, I have the following in my syslog.conf, and it works just fine :
>
> !ipfw
> *.* /var/log/ipfw.log
>
> I only get lines like :
> May 20 02:16:28 arthur /kernel: ipfw: 65300 Deny UDP 192.168.3.2:53 192.168.2.3:49239 in via xl0
> in var/log/ipfw.log
>
> I guess it shouldn't work, but it does :-)

Why do you think it should not? "man 5 syslog.conf" says, that it
*should* work:

<cite>
A program specification for `foo' will also match any message logged by
the kernel with the prefix `foo: '.
</cite>

So, if you have no running program, named "ipfw", which logs to syslogd,
the only messages logged to /var/log/ipfw.log will be messages from
"/kernel: ipfw:"

--
Taras Y. NIZHNIK, AKA Taren, XN7211-XTF, TYN-UANIC, TYN1-RIPE
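An added example, not part of the original message and not syslogd's own code: a simplified Python model of the man page rule quoted above, run over log lines in the layout shown in the thread, to check which lines a `!ipfw` or `!-ipfw` program block would select. The helper names, the line regex, the fallback to `kernel` for unprefixed kernel text and the treatment of `!-ipfw` as an exclusion are assumptions of this model.

```python
import re

# The first line is the one quoted in the message; the rest are constructed.
SAMPLE = [
    "May 20 02:16:28 arthur /kernel: ipfw: 65300 Deny UDP 192.168.3.2:53 192.168.2.3:49239 in via xl0",
    "May 20 02:16:30 arthur /kernel: xl0: promiscuous mode enabled",
    "May 20 02:17:01 arthur sshd[412]: Failed password for root from 192.168.3.9",
    "May 20 02:17:05 arthur ipfw: message from a userland program named ipfw",
]

# timestamp, host, tag with optional [pid], then the message text
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) ([^:\s\[]+)(?:\[\d+\])?: (.*)$")

def program_of(line):
    """Name that a program block is compared against (hypothetical helper)."""
    m = LINE.match(line)
    if not m:
        return None
    _host, tag, text = m.groups()
    if tag.lstrip("/") == "kernel":
        # Kernel message: a leading 'foo: ' prefix stands in for the program.
        prefix, sep, _rest = text.partition(": ")
        # Assumption: kernel text without such a prefix is treated as 'kernel'.
        return prefix if sep and " " not in prefix else "kernel"
    return tag

def block_matches(spec, line):
    """spec is a program block header such as '!ipfw' or '!-ipfw'."""
    names = spec.lstrip("!")
    exclude = names.startswith("-")
    hit = program_of(line) in names.lstrip("+-").split(",")
    return hit != exclude

def route(spec, lines):
    """Lines that the block introduced by spec would select."""
    return [l for l in lines if block_matches(spec, l)]

if __name__ == "__main__":
    for spec in ("!ipfw", "!-ipfw"):
        print(spec)
        for l in route(spec, SAMPLE):
            print("   ", l)
```

In this model the `!ipfw` block selects both the kernel firewall line and the line from a userland program named ipfw, which is why the message notes that the log file stays kernel-only as long as no such program logs to syslogd.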
