From owner-freebsd-questions Wed Oct 2 4:21: 0 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B852637B401 for ; Wed, 2 Oct 2002 04:20:58 -0700 (PDT) Received: from dweimer.org (65-64-111-28.ded.swbell.net [65.64.111.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAAEE43E42 for ; Wed, 2 Oct 2002 04:20:57 -0700 (PDT) (envelope-from dweimer@dweimer.org) Received: from DWeimer.Org (localhost.org [127.0.0.1]) by dweimer.org (8.12.3/8.12.3) with SMTP id g92BKt0g044927; Wed, 2 Oct 2002 06:20:55 -0500 (CDT) (envelope-from dweimer@dweimer.org) Message-Id: <200210021120.g92BKt0g044927@dweimer.org> Date: Wed, 2 Oct 2002 11:20:55 -0000 To: "Toomas Aas" , Subject: Re: ipmon syslogd problems From: "Dean E. Weimer" X-Mailer: TWIG 2.7.6 In-Reply-To: <200210020634.g926YxW16650@lv.raad.tartu.ee> Reply-To: dweimer@dweimer.org Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Toomas Aas said: > > I have ipfilter set up and running fine, but I have been finding that my > > security logs show up in both my security and messages log files. ipmon is > > running with the command "ipmon -oI -s -D" and my syslog.conf file has the > > following relevant configuration. > > .. > > local0.* /var/log/security > > security.* /var/log/security > > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > > I believe *.notice includes all the higher levels, such as *.err and > *.warning. > > If you don't want messages from local0 and security facilities to > appear in /var/log/messages, add this to /var/log/messages: > > local0.none;security.none > Looking at the man page for syslog I see the line that I missed before that talks about the special facility log level "none". One thing to note, if you put it before the *.notice, you still get the messages, but putting it on the end of the line works. > -- > Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ > * I haven't lost my mind; I know exactly where I left it. > > -- Thanks, Dean E. Weimer http://www.dweimer.org/ ________________________________________________________________ This message was sent from dweimer.org using TWIG - The Web Information Gateway. - For more information visit http://www.dweimer.org/ - To Report Abuse Contact dweimer@dweimer.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message