From: Bsd Neophyte
Date: Tue, 21 Jan 2003 02:34:36 -0800 (PST)
Subject: still having syslog problems
To: freebsd-questions@FreeBSD.ORG
Message-ID: <20030121103436.56297.qmail@web20104.mail.yahoo.com>

i'm having huge problems with localizing the messages sent to my FreeBSD box by my router and my firewall appliance. all the messages seem to be congregating in /var/log/messages, when i don't want them to.

i'm thinking that, the following might be an issue.

--------
*.err;kern.debug;auth.notice;mail.crit	/dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
--------

the "*.notice" second line, i'm assuming means that all notices, regardless of source, are to be sent to /var/log/messages.

unfortunately, i don't know the severity rating of the messages that the firewall is sending. maybe you can help me out.

a typical message looks like this:

Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38 msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip address) rule=0^M

again, an assumption, but i think that pri=5 means priority 5, which seems to be a notification level event with the cisco router.

if this is the case, how could i redirect only FreeBSD notifications to go to messages?

this is what i have right now:

------
# external hosts (router and firewall)
!router
local7.*	/var/log/router-logs
#local7.alert	/var/log/router-logs
#local7.crit	/var/log/router-logs
#local7.debug	/var/log/router-logs
#local7.emerg	/var/log/router-logs
#local7.err	/var/log/router-logs
#local7.info	/var/log/router-logs
#local7.notice	/var/log/router-logs
#local7.warn	/var/log/router-logs
------

i made the files ahead of time by doing a "touch router-logs".

also is noting this as " !router " allowable? i didn't get a clear indication of how to do it in the documentation? is it local0.notice or something?
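
Added example, not part of the original message: a small Python check that decodes the `<16.5>` tag in the sample log line and tests it against the selector fields quoted above, showing which log file each rule would send it to. It assumes the tag is syslogd's verbose numeric facility.priority prefix and uses the standard syslog numbering; the function names are made up for this sketch, and it ignores program blocks such as `!router`.

```python
import re

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SEVERITY = {name: num for num, name in enumerate(LEVELS)}
SEVERITY["warn"] = 4  # alias used in the commented-out lines of the message
# Only the facilities named in the quoted syslog.conf lines, plus local0-7.
FACILITY = {"kern": 0, "mail": 2, "auth": 4, "lpr": 6, "news": 7}
FACILITY.update({f"local{i}": 16 + i for i in range(8)})
FAC_NAME = {num: name for name, num in FACILITY.items()}

# Constructed sample: the log line from the message, shortened.
SAMPLE = 'Jan 20 20:19:08 <16.5> (806 hostname) id=firewall pri=5 msg="ICMP packet dropped"'

# Selector/action pairs quoted in the message.
RULES = [
    ("*.err;kern.debug;auth.notice;mail.crit", "/dev/console"),
    ("*.notice;kern.debug;lpr.info;mail.crit;news.err", "/var/log/messages"),
    ("local7.*", "/var/log/router-logs"),
]

def decode_tag(line):
    """Return (facility, severity) numbers from a '<fac.pri>' tag (assumed format)."""
    m = re.search(r"<(\d+)\.(\d+)>", line)
    if not m:
        raise ValueError("no <facility.priority> tag in line")
    return int(m.group(1)), int(m.group(2))

def tag_name(fac, sev):
    return f"{FAC_NAME.get(fac, fac)}.{LEVELS[sev]}"

def selector_matches(selectors, fac, sev):
    """Apply ';'-separated entries in order; a later entry overrides an earlier one."""
    threshold = None  # least severe level accepted; None means not logged
    for entry in selectors.split(";"):
        facs, level = entry.rsplit(".", 1)
        if facs != "*" and fac not in [FACILITY.get(f) for f in facs.split(",")]:
            continue
        threshold = {"none": None, "*": 7}.get(level, SEVERITY.get(level))
    return threshold is not None and sev <= threshold

def destinations(line):
    fac, sev = decode_tag(line)
    return [dest for sel, dest in RULES if selector_matches(sel, fac, sev)]

if __name__ == "__main__":
    print(tag_name(*decode_tag(SAMPLE)), "->", destinations(SAMPLE))
```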