Date: Fri, 15 Dec 2006 01:42:19 +0100
From: bsd <bsd@todoo.biz>
To: David Robillard <david.robillard@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: remote syslog to specific file
Message-ID: <424F3BBC-28A9-4CC2-B0A1-3E5B96E644A4@todoo.biz>
In-Reply-To: <226ae0c60612141102v6eeb44b3t83e7cf6d8ea7eefa@mail.gmail.com>
References: <226ae0c60612141102v6eeb44b3t83e7cf6d8ea7eefa@mail.gmail.com>

Thanks David but…

I have followed your advice precisely and it keeps on logging to
/var/log/messages instead of /var/log/sonic.log ??

> !fw
> *.* /var/log/sonic.log

Using tab instead and no spaces - restarting syslog - ??

I have also tried !firewall // no success //

My logs are coming from a remote host, maybe this is the reason why it
can't log to sonic.log ?

localhost --> 192.168.2.2
remote host --> 192.168.2.1

Any help would still be appreciated ?!?


On 14 Dec 06 at 20:02, David Robillard wrote:

>> Hello,
>>
>>
>> I am trying to log my sonicwall FW log to a specific file…
>>
>> For the moment all logs are sent to /var/log/messages
>>
>> I would like them to go to /var/log/sonic.log
>>
>>
>> I have tried a couple of things which do not seem to work, among
>> them:
>>
>> > +fw.xxx.yyy
>> > local0.* /var/log/sonic.log
>> > +@
>> --> not working
>>
>> > local0.* /var/log/sonic.log
>> --> not working either
>>
>>
>> In /var/log/messages my logs are of that format:
>>
>> > Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C time="2006-12-14
>> > 14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 msg="TCP connection
>> > dropped" n=183 src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee
>> > dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135
>>
>>
>>
>> Any help would be welcome.
>
> Try installing those two lines in your syslog.conf(5) file and make
> sure you use TAB instead of spaces.
>
> !fw
> *.* /var/log/sonic.log
>
> Then issue a `sudo touch /var/log/sonic.log` as the file must exist
> before syslogd(8) can write to it (i.e. syslogd(8) does not create
> files).
>
> After this run `sudo /etc/rc.d/syslogd restart` to instruct syslogd(8)
> of the changes you've made to syslog.conf(5).
>
> Finally, make sure you edit newsyslog.conf(5) with something like this
> to keep your /var file system from filling up.
>
> /var/log/sonic.log www:wheel 640 7 100 * J
>
> man newsyslog.conf for more on newsyslog.conf(5)'s syntax.
>
> Cheers,
>
> David
> --
> David Robillard
> UNIX systems administrator & Oracle DBA
> CISSP, RHCE & Sun Certified Security Administrator
> Montreal: +1 514 966 0122

________________________________________________
Gregober ---> PGP ID --> 0x1BA3C2FD
bsd @at@ todoo.biz
________________________________________________

"Please consider your environmental responsibility before printing
this e-mail"