From owner-freebsd-questions Sat Jun 10 17:29:13 2000 Delivered-To: freebsd-questions@freebsd.org Received: from emu.prod.itd.earthlink.net (emu.prod.itd.earthlink.net [207.217.121.31]) by hub.freebsd.org (Postfix) with ESMTP id 1997437B68C for ; Sat, 10 Jun 2000 17:29:11 -0700 (PDT) (envelope-from cjc@earthlink.net) Received: from dialin-client.earthlink.net (pool0229.cvx20-bradley.dialup.earthlink.net [209.179.250.229]) by emu.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id RAA24333; Sat, 10 Jun 2000 17:29:08 -0700 (PDT) Received: (from cjc@localhost) by dialin-client.earthlink.net (8.9.3/8.9.3) id RAA00240; Sat, 10 Jun 2000 17:27:45 -0700 (PDT) Date: Sat, 10 Jun 2000 17:27:44 -0700 From: "Crist J. Clark" To: Giorgos Keramidas Cc: svga , freebsd-questions@FreeBSD.ORG Subject: Re: Filtering out ipfw from /var/log/messages Message-ID: <20000610172743.A179@dialin-client.earthlink.net> Reply-To: cjclark@alum.mit.edu References: <3940F65E.4571F05C@polbox.com> <20000611165906.C13693@hades.hell.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000611165906.C13693@hades.hell.gr>; from keramida@ceid.upatras.gr on Sun, Jun 11, 2000 at 04:59:06PM +0300 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Jun 11, 2000 at 04:59:06PM +0300, Giorgos Keramidas wrote: > On Fri, Jun 09, 2000 at 03:51:26PM +0200, svga wrote: > > Hello, > > > > How to filter out messages including ipfw: which syslog sends to > > /var/log/messages? > > Something like below but working. > > *.notice;kern.debug;lpr.info;mail.crit;news.err |exec grep -v -e > > ipfw: - >> /var/log/messages > > You can try using: > > !ipfw > *.* /dev/null > > I havent' tested it with ipfw, but it works with my pppd/ppp so far. That won't stop anything with the above setup. In 4.0, ipfw messages are generally logged as security.notice. That first entry, '*.notice,' will still be catching them. That is not too tough to fix, just up the level on security messages to /var/log/messages. Most people will live fine with that. However, in previous FreeBSD's, including 3.x-STABLE, ipfw messages are kernel messages. The 'kern.debug' in the first line above will be catching them. You generally don't want to stop kern.notice messages from finding their way to /var/log/messages. It makes keeping them out of /var/log/messages somewhat of a pain. BTW, ppp(8) logs mostly to 'daemon.info' these days. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message