From owner-freebsd-security Thu Jun 14 10:10:24 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.goonda.org (mail.goonda.org [208.37.165.142]) by hub.freebsd.org (Postfix) with SMTP id A4DD937B401 for ; Thu, 14 Jun 2001 10:10:21 -0700 (PDT) (envelope-from goonda@bastard.net) Received: (qmail 26677 invoked from network); 14 Jun 2001 17:10:20 -0000 Received: from unknown (HELO phat.bastard.net) (208.37.165.141) by mail.goonda.org with SMTP; 14 Jun 2001 17:10:20 -0000 Received: from localhost (localhost [127.0.0.1]) by phat.bastard.net (8.11.4/8.11.4) with ESMTP id f5EHAJu55305 for ; Thu, 14 Jun 2001 13:10:19 -0400 (EDT) (envelope-from goonda@bastard.net) Date: Thu, 14 Jun 2001 13:10:19 -0400 (EDT) From: anindya To: Subject: Re: remote syslog question Message-ID: <20010614131003.B55181-100000@phat.bastard.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > What does the syslog.conf(5) on the log host look like? What does > it do with the local0 facility? I have a default syslog.conf on the loghost, and have simply added one line: local0.* /var/log/ipflog If you do a tcpdump(8), do you see > the local0 messages leaving the firewall and getting to the log host? Yes, every other type of syslog message goes to the loghost no problems. Also, if I comment out the local0.* line on the firewall, I start getting ipf messages, so its all working correctly, the real question is, is it possible to send local0.* to both places? thanks, --Anindya To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message