From owner-freebsd-security  Fri Aug  7 16:01:32 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA14622
          for freebsd-security-outgoing; Fri, 7 Aug 1998 16:01:32 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from elisa.utopianet.net ([212.210.224.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA14617
          for <freebsd-security@FreeBSD.ORG>; Fri, 7 Aug 1998 16:01:29 -0700 (PDT)
          (envelope-from rlucia@elisa.utopianet.net)
Received: (from rlucia@localhost)
	by elisa.utopianet.net (8.8.8/8.8.7) id BAA18993;
	Sat, 8 Aug 1998 01:02:13 +0200 (CEST)
	(envelope-from rlucia)
Message-ID: <19980808010213.A18953@utopianet.net>
Date: Sat, 8 Aug 1998 01:02:13 +0200
From: Rocco Lucia <rlucia@utopianet.net>
To: "Timothy R. Platt" <tplatt@nethampton.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Sysloging to a remote host
Mail-Followup-To: "Timothy R. Platt" <tplatt@nethampton.com>,
	freebsd-security@FreeBSD.ORG
References: <v04003a00b1f1c739e9eb@[204.141.112.245]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91
In-Reply-To: <v04003a00b1f1c739e9eb@[204.141.112.245]>; from Timothy R. Platt on Fri, Aug 07, 1998 at 06:20:05AM -0700
X-Disclaimer: The truth is out there
X-Organization: Iscanet Internet Services
X-Evil: Microsoft
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Aug 07, 1998 at 06:20:05AM -0700, Timothy R. Platt wrote:
> Should be simple enough, but I just can't get this to work.
> 
> In syslog.conf on 192.168.2.1:
> 
> *.notice;kern.debug;mail.cri			/var/log/messages
> *.notice;kern.debug;mail.cri			@192.168.2.2
> 
> And on 192.168.2.2:
> 
> syslogd -a 192.168.2.1/255.255.255.0
> 
>
>
> 
> Is there anything required in the syslog.conf file on 192.168.2.2?  The
> syslogd/syslog.conf man pages make no mention of it.  Once I do get it
> working, I would like all the messages from the remote machine in a
> separate file, if syslog doesn't take care of that by default.
> 
> TIA,
> 
> Tim
> 
syslogd -a 192.168.2.1/32:*

this should work, allowing just .1 host to be logged
by .2

I don't know if it is possible to filter directly from
syslogd incoming messages, but you can easily do it
'cause you got the ip address of the host who sent
the message in the logfile

rocco


-- 
Rocco Lucia

Iscanet Internet Services
rlucia@utopianet.net
System and Network Admin

Free unices for a free world. Support *BSD.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message