From owner-freebsd-stable Tue Jul 17 12:26:23 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from snafu.adept.org (snafu.adept.org [63.201.63.44])
    by hub.freebsd.org (Postfix) with ESMTP id 8126B37B403
    for ; Tue, 17 Jul 2001 12:26:20 -0700 (PDT)
    (envelope-from mike@adept.org)
Received: by snafu.adept.org (Postfix, from userid 1000)
    id 1CA179EE06; Tue, 17 Jul 2001 12:26:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by snafu.adept.org (Postfix) with ESMTP
    id 19ECD9B00C; Tue, 17 Jul 2001 12:26:16 -0700 (PDT)
Date: Tue, 17 Jul 2001 12:26:16 -0700 (PDT)
From: Mike Hoskins
To: "Kanno, Ken"
Cc: "'stable@freebsd.org'"
Subject: Re: syslog config
In-Reply-To: <0C3A66859AEF6E42A1B4AB53307B77AA0AF4CF@ex02.ad.rivenet.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Tue, 17 Jul 2001, Kanno, Ken wrote:

> Jul 17 13:34:41 <4.5> gateway Jul 17 2001 12:35:27: %PIX-5-304001: 10.10.2.1
> Accessed URL 206.40.47.5:/questions.html
> Jul 17 13:34:43 <4.5> gateway Jul 17 2001 12:35:30: %PIX-5-304001: 10.10.2.1
> Accessed URL 205.188.140.249:/image/93007873/aim/

Yikes. Do you really need to log this religiously? I crank my PIX log
levels down a bit on purpose. But I'm in a smaller office where I trust
everyone enough to not want/need to look at URLs they're accessing.

> I saw no examples under man for syslog, syslogd or syslog.conf

Not entirely true.

> # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
> #
> # Spaces are NOT valid field separators in this file.
> # Consult the syslog.conf(5) manpage.
> *.err;kern.debug;auth.notice;mail.crit	/dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
  ^^^^^^^^

Here's your problem. ALL notice messages go to /var/log/messages
regardless of where else they're routed.

Since you're using a facility of local4 on the PIX, I'd suggest adding
'local4.none' to the line above. That will prevent local4.notice messages
from being sent to /var/log.

Later,

-Mike

--
Eat drink and be merry, for tomorrow they may make it illegal.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
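
Added example, not part of the original message: a simplified Python model of syslog.conf(5) selector matching, showing why the PIX's local4.notice messages match the /var/log/messages line and how 'local4.none' excludes them. Appending 'local4.none' at the end of the selector list is an assumption (the message does not say where on the line it goes), and the function and constant names are hypothetical.

```python
# Simplified model of syslog.conf(5) selector fields (added example).
# Handles "facility[,facility].level", "*" and "none" only; comparison
# flags (=, <, >, !) and program/host blocks are not modelled.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Selector field of the /var/log/messages line quoted in the message.
ORIGINAL = "*.notice;kern.debug;lpr.info;mail.crit;news.err"
# Same field with the suggested exclusion appended (position is an assumption).
FIXED = ORIGINAL + ";local4.none"


def compile_selectors(field):
    """Map each facility to the least severe level it logs, or None for nothing."""
    mask = {fac: None for fac in FACILITIES}
    for selector in field.split(";"):
        facs, level = selector.rsplit(".", 1)
        if level == "none":
            threshold = None                  # log nothing for these facilities
        elif level == "*":
            threshold = len(LEVELS) - 1       # log every level
        else:
            threshold = LEVELS.index(level)   # this level and more severe
        targets = FACILITIES if facs == "*" else facs.split(",")
        for fac in targets:
            # Each selector can modify the ones preceding it, so the
            # last selector naming a facility wins.
            mask[fac] = threshold
    return mask


def matches(field, facility, level):
    """True if a message with this facility and level is sent to the action."""
    threshold = compile_selectors(field)[facility]
    return threshold is not None and LEVELS.index(level) <= threshold


if __name__ == "__main__":
    # %PIX-5-... messages arrive as local4.notice (level 5 is notice).
    for name, field in (("original", ORIGINAL), ("fixed", FIXED),
                        ("none first", "local4.none;" + ORIGINAL)):
        print(f"{name:10s} local4.notice -> /var/log/messages:",
              matches(field, "local4", "notice"))
```

The third case shows the ordering pitfall: with 'local4.none' placed before '*.notice', the wildcard selector re-enables local4 and the PIX messages are still logged.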