Date:      Tue, 21 Jan 2003 14:16:41 -0600
From:      Daniel Schrock <dschrock@speakeasy.net>
To:        Bsd Neophyte <bsdneophyte@yahoo.com>, freebsd-questions@freebsd.org
Subject:   Re: still having syslog problems
Message-ID:  <3E2DAAA9.8010206@speakeasy.net>
In-Reply-To: <b0j7o0$30ec$1@FreeBSD.csie.NCTU.edu.tw>
References:  <b0j7o0$30ec$1@FreeBSD.csie.NCTU.edu.tw>

Bsd Neophyte wrote:

> 
> unfortunately, i don't know the severity rating of the messages that the
> firewall is sending. 

Starting syslogd with the '-vv' flags will tell you the facility and 
priority.  This is great for testing new logs.


> 
> maybe you can help me out. a typical message looks like this: 
> 
> Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of
> webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38
> msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip
> address) rule=0^M 
> 
> again, an assumption, but i think that pri=5 means priority 5, which seems
> to be a notification level event with the cisco router. 
> 
> if this is the case, how could i redirect only FreeBSD notifications to go
> to messages? 
> 
> this is what i have right now:
> 
> ------
> # external hosts (router and firewall) 
> !router 
> local7.* /var/log/router-logs 
> #local7.alert /var/log/router-logs 
> #local7.crit /var/log/router-logs 
> #local7.debug /var/log/router-logs 
> #local7.emerg /var/log/router-logs 
> #local7.err /var/log/router-logs 
> #local7.info /var/log/router-logs 
> #local7.notice /var/log/router-logs 
> #local7.warn /var/log/router-logs 
> ------
> 
> i made the files ahead of time by doing a "touch router-logs".  also is
> noting this as " !router " allowable? 
> 
> i didn't get a clear indication of how to do it in the documentation? is
> it local0.notice or something?

The Cisco logging facility is configurable:
----from my 2509 config:

!
logging facility local4
logging 192.168.23.200

----from my /etc/syslog.conf

*.notice;authpriv.none;auth.none;daemon.none;local0.none;local4.none;local5.none;local7.none;kern.none  /var/log/messages

[...skip...]

!*
local0.*                                        /var/log/ipmon.log
local4.*                                        /var/log/router.log
local5.*                                        /var/log/switch.log
local7.*                                        /var/log/dhcpd.log
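
Added example, not part of the original message and not FreeBSD code: a small Python checker that decodes a `<facility.priority>` annotation and tests it against syslog.conf selector lists, to see which file a message would be routed to. It assumes the `<16.5>` in the quoted line is syslogd's numeric facility.priority annotation, handles only plain `facility.level`, `*` and `none` selectors (no comparison operators or `!program` blocks), and the names `decode`, `selects`, `SAMPLE`, `POSTER` and `MESSAGES` are made up for the illustration.

```python
import re

# Standard syslog numbers (subset) under the names syslog.conf selectors use.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 9: "cron", 10: "authpriv",
              **{16 + i: f"local{i}" for i in range(8)}}
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
TAG = re.compile(r"<(\d+)\.(\d+)>")

# Constructed sample, modelled on the line quoted in the message.
SAMPLE = 'Jan 20 20:19:08 <16.5> (806 hostname) id=firewall pri=5 msg="ICMP packet dropped"'
# Selector lists taken from the two syslog.conf excerpts in the message.
POSTER = "local7.*"
MESSAGES = ("*.notice;authpriv.none;auth.none;daemon.none;local0.none;"
            "local4.none;local5.none;local7.none;kern.none")

def decode(line):
    """Return (facility, level) names from a '<fac.pri>' annotation, or None."""
    m = TAG.search(line)
    if not m:
        return None
    fac, pri = int(m.group(1)), int(m.group(2))
    if fac not in FACILITIES or pri >= len(LEVELS):
        return None
    return FACILITIES[fac], LEVELS[pri]

def selects(selector, facility, level):
    """True if a ';'-separated selector list accepts facility.level.
    The last entry naming the facility decides; 'fac.level' accepts that
    level and anything more severe; 'fac.none' excludes the facility."""
    hit = False
    for part in selector.split(";"):
        facs, _, lvl = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        lvl = ALIASES.get(lvl, lvl)
        if lvl == "none":
            hit = False
        else:
            hit = lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl)
    return hit

if __name__ == "__main__":
    fac, lvl = decode(SAMPLE)
    print(f"{fac}.{lvl}")
    for sel in (POSTER, "local0.*", MESSAGES):
        print(f"{selects(sel, fac, lvl)!s:5}  {sel}")
```

Under that assumption the sample decodes to local0.notice, which a `local7.*` selector does not accept and which the `local0.none` entry keeps out of /var/log/messages.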



