Date: Thu, 14 Dec 2006 14:02:14 -0500
From: "David Robillard" <david.robillard@gmail.com>
To: "FreeBSD Questions" <freebsd-questions@freebsd.org>
Subject: Re: remote syslog to specific file
Message-ID: <226ae0c60612141102v6eeb44b3t83e7cf6d8ea7eefa@mail.gmail.com>

> Hello,
>
> I am trying to log my sonicwall FW log to a specific file…
>
> For the moment all logs are sent to /var/log/messages
>
> I would like them to go to /var/log/sonic.log
>
> I have tried a couple of things which do not seem to work, among them:
>
> +fw.xxx.yyy
>
> local0.*		/var/log/sonic.log
>
> +@
> --> not working
>
> local0.*		/var/log/sonic.log
> --> not working either
>
> In /var/log/messages my logs are of that format:
>
> Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C time="2006-12-14
> 14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 msg="TCP connection
> dropped" n=183 src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee
> dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135
>
> Any help would be welcome.

Try installing those two lines in your syslog.conf(5) file and make
sure you use TAB instead of spaces.

!fw
*.*	/var/log/sonic.log

Then issue a `sudo touch /var/log/sonic.log` as the file must exist
before syslogd(8) can write to it (i.e. syslogd(8) does not create
files). After this run `sudo /etc/rc.d/syslogd restart` to instruct
syslogd(8) of the changes you've made to syslog.conf(5).

Finally, make sure you edit newsyslog.conf(5) with something like this
to keep your /var file system from filling up.

/var/log/sonic.log	www:wheel	640	7	100	*	J

man newsyslog.conf for more on newsyslog.conf(5)'s syntax.

Cheers,

David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
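
A small lint for the two pitfalls the reply mentions (TAB separators, and log files that must exist before syslogd is restarted), as an added example that is not part of the original message. The helper name `check_syslog_conf` and the scratch paths in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): lint a syslog.conf(5) file for
# the two conditions the reply names. check_syslog_conf is a hypothetical helper.
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_syslog_conf() {
    csc_conf=$1
    csc_bad=0
    csc_n=0
    csc_tab=$(printf '\t')
    csc_ws="[ $csc_tab]"
    while IFS= read -r csc_line || [ -n "$csc_line" ]; do
        csc_n=$((csc_n + 1))
        case $csc_line in
            ''|'#'*|'!'*|'+'*|'-'*) continue ;;  # blank, comment, program/host specifier
        esac
        csc_sel=${csc_line%%$csc_ws*}            # selector: text before the first blank
        csc_rest=${csc_line#"$csc_sel"}
        case $csc_rest in
            "$csc_tab"*) ;;
            *)  echo "$csc_conf:$csc_n: selector not followed by a TAB"
                csc_bad=1
                continue ;;
        esac
        csc_action=${csc_line##*"$csc_tab"}      # action: text after the last TAB
        case $csc_action in
            /*) if [ ! -f "$csc_action" ]; then
                    echo "$csc_conf:$csc_n: $csc_action does not exist (touch it first)"
                    csc_bad=1
                fi ;;
        esac
    done < "$csc_conf"
    [ "$csc_bad" -eq 0 ]
}

# Constructed demo input: the rule from the reply, pointed at a scratch directory.
demo=$(mktemp -d)
printf '!fw\n*.*\t%s\n' "$demo/sonic.log" > "$demo/syslog.conf"
check_syslog_conf "$demo/syslog.conf" || echo "fix the problems above, then restart syslogd"
touch "$demo/sonic.log"
check_syslog_conf "$demo/syslog.conf" && echo "syslog.conf looks consistent"
rm -rf "$demo"
```

Run it against a copy of the edited file before `sudo /etc/rc.d/syslogd restart`, so a space-separated rule or a missing log file is caught before the daemon reloads.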