Date:      Tue, 21 Jan 2003 07:24:05 -0800
From:      Nathan Kinkade <nkinkade@dsl-only.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: still having syslog problems
Message-ID:  <20030121152405.GD25795@sub21-156.member.dsl-only.net>
In-Reply-To: <20030121103436.56297.qmail@web20104.mail.yahoo.com>
References:  <20030121103436.56297.qmail@web20104.mail.yahoo.com>

On Tue, Jan 21, 2003 at 02:34:36AM -0800, Bsd Neophyte wrote:
>
> i'm having huge problems with localizing the messages sent to my FreeBSD
> box by my router and my firewall appliance.  all the messages seem to be
> congregating in /var/log/messages, when i don't want them to.
>
> i'm thinking that, the following might be an issue.
>
> --------
> *.err;kern.debug;auth.notice;mail.crit /dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> --------
>
> the "*.notice" second line, i'm assuming means that all notices,
> regardless of source, are to be sent to /var/log/messages.
>
> unfortunately, i don't know the severity rating of the messages that the
> firewall is sending.
>
> maybe you can help me out. a typical message looks like this:
>
> Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of
> webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38
> msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip
> address) rule=0^M
>
> again, an assumption, but i think that pri=5 means priority 5, which seems
> to be a notification level event with the cisco router.
>
> if this is the case, how could i redirect only FreeBSD notifications to go
> to messages?
>
> this is what i have right now:
>
> ------
> # external hosts (router and firewall)
> !router
> local7.* /var/log/router-logs
> #local7.alert /var/log/router-logs
> #local7.crit /var/log/router-logs
> #local7.debug /var/log/router-logs
> #local7.emerg /var/log/router-logs
> #local7.err /var/log/router-logs
> #local7.info /var/log/router-logs
> #local7.notice /var/log/router-logs
> #local7.warn /var/log/router-logs
> ------
>
> i made the files ahead of time by doing a "touch router-logs".  also is
> noting this as " !router " allowable?
>=20
> i didn't get a clear indication of how to do it in the documentation? is
> it local0.notice or something?

You need to find out what "facility" your Cisco is configured to use.
As you indicate above, it could be local7.  However, I don't believe that
your program designation of "!route" is valid.  Try your line
local7.*	/var/log/router-logs
near the top of the /etc/syslog.conf file.  Read `man syslog.conf`.

Nathan

-- 
GPG Public Key ID: 0x4250A04C
gpg --keyserver pgp.mit.edu --recv-keys 4250A04C
http://63.105.21.156/gpg_nkinkade_4250A04C.asc
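
Added example, not part of the original messages: a small Python model of syslog.conf selector matching, run against the rules and the sample firewall line quoted above, to show which destinations accept that message. It assumes the `<16.5>` tag is syslogd's numeric facility.level prefix (facility 16 is local0, level 5 is notice), ignores `!program` and `+host` blocks, and uses illustrative function names.

```python
import re

# Standard syslog facility and severity numbers (syslog.h).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              **{f"local{i}": 16 + i for i in range(8)}}
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
          "warn": 4, "notice": 5, "info": 6, "debug": 7}

def parse_tag(line):
    """Return (facility, level) from a '<fac.lvl>' tag, or None if absent."""
    m = re.search(r"<(\d+)\.(\d+)>", line)
    return (int(m.group(1)), int(m.group(2))) if m else None

def selector_matches(selector, fac, lvl):
    """Evaluate a 'fac.level;fac.level' selector list, left to right.
    A level matches itself and anything more severe (lower number).
    A later part naming the same facility overrides an earlier one,
    and 'none' switches the facility off."""
    hit = False
    for part in selector.split(";"):
        facs, _, level = part.partition(".")
        names = facs.split(",")
        if "*" not in names and fac not in (FACILITIES[n] for n in names):
            continue  # this part does not apply to the message's facility
        hit = level != "none" and (level == "*" or lvl <= LEVELS[level])
    return hit

def destinations(rules, line):
    """List every destination whose selector accepts the message in `line`."""
    tag = parse_tag(line)
    if tag is None:
        return []
    return [dest for sel, dest in rules if selector_matches(sel, *tag)]

# Rules quoted in the thread.
RULES = [("*.err;kern.debug;auth.notice;mail.crit", "/dev/console"),
         ("*.notice;kern.debug;lpr.info;mail.crit;news.err", "/var/log/messages"),
         ("local7.*", "/var/log/router-logs")]
# Constructed sample, shortened from the firewall line in the thread.
SAMPLE = ('Jan 20 20:19:08 <16.5> (806 hostname) id=firewall pri=5 '
          'msg="ICMP packet dropped"')

if __name__ == "__main__":
    print(parse_tag(SAMPLE), destinations(RULES, SAMPLE))
```

Under that assumption the sample is accepted only by the `*.notice` rule, because it arrives as local0 rather than local7; a `local0.*` rule plus `local0.none` on the messages line would move it.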
