Date:      Thu, 24 Apr 2003 14:02:10 +0100
From:      Jez Hancock <jez.hancock@munk.nu>
To:        questions@FreeBSD.ORG
Subject:   Re: syslog logging question
Message-ID:  <20030424130210.GC20162@users.munk.nu>
In-Reply-To: <8blfavg8puflk0bu7osgrnr8u831kbl92m@4ax.com>
References:  <20030424071545.GA45006@marvin.penguinpowered.org.uk> <8blfavg8puflk0bu7osgrnr8u831kbl92m@4ax.com>

On Thu, Apr 24, 2003 at 01:29:56PM +0100, John Murphy wrote:
> Wayne Pascoe <freebsd@penguinpowered.org.uk> wrote:
> 
> >I have ipfilter on some of my boxes. In /etc/syslog.conf, I have the
> >following lines:
> >
> >!ipmon
> >*.*                                             /var/log/ipf.log
> >
> >This works, and I get all entries in /var/log/ipf.log, which is good.
> >The problem I have is that I also get all entries in /var/log/messages
> >
> >What do I need to do to stop syslog logging these messages to both
> >locations and start logging only to /var/log/ipf.log ? 
> 
> I don't have an entry in syslog.conf for ipmon but I have:
> ipmon_flags="-D /var/log/ipf.log"  # typically "-Ds" or "-D /var/log/ipflog"
> in /etc/rc.conf
The default -Ds logs to syslog with facility local0.  

man ipmon:
<snip>
       -s     Packet  information  read in will be sent through syslogd rather
          than saved to a file.  The default facility  when  compiled  and
          installed is local0.  The following levels are used:

          LOG_INFO  - packets logged using the "log" keyword as the action
          rather than pass or block.

          LOG_NOTICE - packets logged which are also passed

          LOG_WARNING - packets logged which are also blocked

          LOG_ERR - packets which have been logged and which can  be  con-
          sidered "short".
<snip>

Handy, I suppose, if you do any postprocessing of the ipmon log output via syslogd.

Regards,
Jez



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030424130210.GC20162>
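
Added example, not part of the original thread: a simplified Python model of syslog.conf selector matching, showing where messages at each ipmon level land given the local0 facility described in the man page excerpt. The /var/log/messages selector is an assumed stock-style line, the local0 rules are constructed for illustration, and only plain `facility.level`, `*` and `none` selectors are modelled.

```python
# Added illustration: simplified model of syslog.conf selector matching.
# Not syslogd's own code; comparison flags and !program blocks are not modelled.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Levels used by "ipmon -s", taken from the man page excerpt in the message.
IPMON_LEVELS = {"log": "info", "pass": "notice",
                "block": "warning", "short": "err"}

def selector_matches(selector, facility, level):
    """True if a 'fac.lvl;fac.lvl' selector accepts a facility.level message."""
    threshold = None  # None means the facility is not selected
    for part in selector.split(";"):
        facs, _, lvl = part.strip().partition(".")
        if facs == "*" or facility in facs.split(","):
            # A later entry overrides an earlier one for the same facility.
            if lvl == "none":
                threshold = None
            elif lvl == "*":
                threshold = SEVERITY["debug"]
            else:
                threshold = SEVERITY[lvl]
    # "fac.lvl" selects that level and anything more severe (lower number).
    return threshold is not None and SEVERITY[level] <= threshold

def destinations(rules, facility, level):
    """Log files that would receive a message, in rule order."""
    return [path for sel, path in rules
            if selector_matches(sel, facility, level)]

def route_ipmon(rules, facility="local0"):
    """Map each ipmon packet action to the files its log line reaches."""
    return {action: destinations(rules, facility, lvl)
            for action, lvl in IPMON_LEVELS.items()}

# Constructed rule sets. MESSAGES_SEL is an assumed stock-style selector.
MESSAGES_SEL = "*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err"
BEFORE = [(MESSAGES_SEL, "/var/log/messages"),
          ("local0.*", "/var/log/ipf.log")]
AFTER = [(MESSAGES_SEL + ";local0.none", "/var/log/messages"),
         ("local0.*", "/var/log/ipf.log")]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for action, files in route_ipmon(rules).items():
            print(f"{name:6} {action:5} -> {', '.join(files)}")
```

In this model, passed, blocked and short packets reach both files under the first rule set because `*.notice` also selects local0 at notice and above; appending `local0.none` to that selector leaves them only in /var/log/ipf.log.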