From owner-freebsd-security Sat Jun 16 11:53:24 2001 Delivered-To: freebsd-security@freebsd.org Received: from nsmail.corp.globalstar.com (gibraltar.globalstar.com [207.88.248.142]) by hub.freebsd.org (Postfix) with ESMTP id 4A1E037B407 for ; Sat, 16 Jun 2001 11:53:19 -0700 (PDT) (envelope-from crist.clark@globalstar.com) Received: from globalstar.com ([207.88.154.2]) by nsmail.corp.globalstar.com (Netscape Messaging Server 4.15) with ESMTP id GF1DS400.5DW; Sat, 16 Jun 2001 11:52:52 -0700 Message-ID: <3B2BAB11.99A0E52C@globalstar.com> Date: Sat, 16 Jun 2001 11:53:05 -0700 From: "Crist Clark" Organization: Globalstar LP X-Mailer: Mozilla 4.72 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: anindya Cc: freebsd-security@FreeBSD.ORG Subject: Re: remote syslog question References: <20010614161245.D56348-100000@phat.bastard.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org anindya wrote: > > Fernando P . Schapachnik provided me the answer in email: simply > swap the order of the lines in syslog.conf. Apparently syslogd > matches does specific match first, then processes the rules > top-to-bottom. I knew it had to be something simple ;) > > BTW, local0 is the default facility that ipfilter uses, > which is why I am using it in my examples. I have been trying to reproduce this problem on a FreeBSD-STABLE box, but have been unable to. Whether I put, local0.* /var/log/local0.log *.* /var/log/all.log Or, *.* /var/log/all.log local0.* /var/log/local0.log In syslog.conf, I get the same results. -- Crist J. Clark Network Security Engineer crist.clark@globalstar.com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message