Date:      Tue, 21 Jan 2003 02:34:36 -0800 (PST)
From:      Bsd Neophyte <bsdneophyte@yahoo.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   still having syslog problems
Message-ID:  <20030121103436.56297.qmail@web20104.mail.yahoo.com>


i'm having huge problems with localizing the messages sent to my FreeBSD
box by my router and my firewall appliance.  all the messages seem to be
congregating in /var/log/messages, when i don't want them to.

i'm thinking that the following might be an issue.

--------
*.err;kern.debug;auth.notice;mail.crit /dev/console 
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages 
--------

the "*.notice" on the second line, i'm assuming, means that all notices,
regardless of source, are to be sent to /var/log/messages.

unfortunately, i don't know the severity rating of the messages that the
firewall is sending. 

maybe you can help me out. a typical message looks like this: 

Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of
webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38
msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip
address) rule=0^M 

again, an assumption, but i think that pri=5 means priority 5, which seems
to be a notification level event with the cisco router. 

if this is the case, how could i redirect only FreeBSD notifications to go
to messages? 

this is what i have right now:

------
# external hosts (router and firewall) 
!router 
local7.* /var/log/router-logs 
#local7.alert /var/log/router-logs 
#local7.crit /var/log/router-logs 
#local7.debug /var/log/router-logs 
#local7.emerg /var/log/router-logs 
#local7.err /var/log/router-logs 
#local7.info /var/log/router-logs 
#local7.notice /var/log/router-logs 
#local7.warn /var/log/router-logs 
------

i made the files ahead of time by doing a "touch router-logs".  also is
noting this as " !router " allowable? 

i didn't get a clear indication of how to do it in the documentation. is
it local0.notice or something?
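
Added example, not part of the original message: a small Python model of syslog.conf selector matching, run against the two default lines and the `local7.*` rule quoted above. It assumes the `<16.5>` tag in the sample line is a numeric facility.level pair (16 = local0, 5 = notice), ignores the `!router` block header and the `=`, `<`, `>`, `!` comparison flags, and all function names are hypothetical.

```python
# Added example (not from the original message): simplified syslog.conf selector matching.
# Assumption: "<16.5>" is a numeric facility.level tag; function names are illustrative.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = dict(enumerate(["kern", "user", "mail", "daemon", "auth", "syslog",
                             "lpr", "news", "uucp", "cron", "authpriv", "ftp"]))
FACILITIES.update({16 + i: "local%d" % i for i in range(8)})

def decode_tag(tag):
    """Turn '<16.5>' into ('local0', 'notice')."""
    fac, lvl = tag.strip("<>").split(".")
    return FACILITIES[int(fac)], LEVELS[int(lvl)]

def threshold_map(selector):
    """Map facility -> least severe level accepted (None = excluded).
    Fields are applied left to right, so a later field overrides an earlier one."""
    mask = {}
    for field in selector.split(";"):
        facs, level = field.strip().rsplit(".", 1)
        level = ALIASES.get(level, level)
        if level == "none":
            thr = None
        elif level == "*":
            thr = len(LEVELS) - 1
        else:
            thr = LEVELS.index(level)
        for fac in facs.split(","):
            for name in (FACILITIES.values() if fac == "*" else [fac]):
                mask[name] = thr
    return mask

def matches(selector, facility, level):
    """True if a message at facility.level passes the selector."""
    thr = threshold_map(selector).get(facility)
    return thr is not None and LEVELS.index(level) <= thr

def route(rules, facility, level):
    """Return every action whose selector accepts the message."""
    return [action for sel, action in rules if matches(sel, facility, level)]

# Rules copied from the message above; the sample tag is the one in the firewall line.
RULES = [
    ("*.err;kern.debug;auth.notice;mail.crit", "/dev/console"),
    ("*.notice;kern.debug;lpr.info;mail.crit;news.err", "/var/log/messages"),
    ("local7.*", "/var/log/router-logs"),
]

if __name__ == "__main__":
    fac, lvl = decode_tag("<16.5>")
    print(fac, lvl, "->", route(RULES, fac, lvl))
```

Under that assumption the firewall line is local0.notice, which only the `*.notice` selector accepts; a `local0.none` field appended to that selector excludes it.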

