Date: Tue, 17 Jul 2001 12:26:16 -0700 (PDT) From: Mike Hoskins <mike@adept.org> To: "Kanno, Ken" <kkanno@rivenet.com> Cc: "'stable@freebsd.org'" <stable@freebsd.org> Subject: Re: syslog config Message-ID: <Pine.BSF.4.21.0107171216330.57080-100000@snafu.adept.org> In-Reply-To: <0C3A66859AEF6E42A1B4AB53307B77AA0AF4CF@ex02.ad.rivenet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 17 Jul 2001, Kanno, Ken wrote: > Jul 17 13:34:41 <4.5> gateway Jul 17 2001 12:35:27: %PIX-5-304001: 10.10.2.1 > Accessed URL 206.40.47.5:/questions.html > Jul 17 13:34:43 <4.5> gateway Jul 17 2001 12:35:30: %PIX-5-304001: 10.10.2.1 > Accessed URL 205.188.140.249:/image/93007873/aim/ Yikes. Do you really need to log this religiously? I crank my PIX log levels down a bit on purpose. But I'm in a smaller office where I trust everyone enough to not want/need to look at URLs they're accessing. > I saw no examples under man for syslog, syslogd or syslog.conf Not entirely true. > # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $ > # > # Spaces are NOT valid field separators in this file. > # Consult the syslog.conf(5) manpage. > *.err;kern.debug;auth.notice;mail.crit /dev/console > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages ^^^^^^^^ Here's your problem. ALL notice messages go to /var/log/messages regardless of where else they're routed. Since you're using a facility of local4 on the PIX, I'd suggest adding 'local4.none' to the line above. That will prevent local4.notice messages from being sent to /var/log. Later, -Mike -- Eat drink and be merry, for tomorrow they may make it illegal. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0107171216330.57080-100000>