On Tue, Jan 21, 2003 at 02:34:36AM -0800, Bsd Neophyte wrote:
>
> i'm having huge problems with localizing the messages sent to my FreeBSD
> box by my router and my firewall appliance. all the messages seem to be
> congregating in /var/log/messages, when i don't want them to.
>
> i'm thinking that the following might be an issue.
>
> --------
> *.err;kern.debug;auth.notice;mail.crit /dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> --------
>
> the "*.notice" second line, i'm assuming, means that all notices,
> regardless of source, are to be sent to /var/log/messages.
>
> unfortunately, i don't know the severity rating of the messages that the
> firewall is sending.
>
> maybe you can help me out. a typical message looks like this:
>
> Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of
> webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38
> msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip
> address) rule=0^M
>
> again, an assumption, but i think that pri=5 means priority 5, which seems
> to be a notification level event with the cisco router.
>
> if this is the case, how could i redirect only FreeBSD notifications to go
> to messages?
>
> this is what i have right now:
>
> ------
> # external hosts (router and firewall)
> !router
> local7.* /var/log/router-logs
> #local7.alert /var/log/router-logs
> #local7.crit /var/log/router-logs
> #local7.debug /var/log/router-logs
> #local7.emerg /var/log/router-logs
> #local7.err /var/log/router-logs
> #local7.info /var/log/router-logs
> #local7.notice /var/log/router-logs
> #local7.warn /var/log/router-logs
> ------
>
> i made the files ahead of time by doing a "touch router-logs". also, is
> noting this as " !router " allowable?
>
> i didn't get a clear indication of how to do it in the documentation. is
> it local0.notice or something?
You need to find out what "facility" your Cisco is configured to use. As you
indicate above, it could be local7. However, I don't believe that your program
designation of "!route" is valid.

Try your line

local7.* /var/log/router-logs

near the top of the /etc/syslog.conf file.

Read `man syslog.conf`.

Nathan

--
GPG Public Key ID: 0x4250A04C
gpg --keyserver pgp.mit.edu --recv-keys 4250A04C
http://18.104.22.168/gpg_nkinkade_4250A04C.asc
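The `<16.5>` in the quoted firewall line is the numeric facility and priority that FreeBSD syslogd writes in front of a message when run with `-v` (facility 16 is local0, priority 5 is notice). The following is an added example, not code from either post, that decodes such a tag and checks it against syslog.conf selector fields like the `*.notice;kern.debug;...` line quoted above. It assumes the standard facility and severity numbering and models only the bare-level, `=level` and `none` selector forms.

```python
# Added example for this thread, not code from the original posts: decode the
# <facility.severity> tag FreeBSD syslogd -v prefixes to a log line and check
# which /etc/syslog.conf selectors would catch the message.
import re

# Facility codes 12-15 differ between implementations; only well-known ones are named.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
_TAG = re.compile(r"<(\d+)(?:\.(\d+))?>")

def decode_pri(line):
    """(facility, severity) from a '<16.5>' (syslogd -v) or RFC 3164 '<133>'
    tag (facility*8 + severity); an untagged line defaults to user.notice."""
    m = _TAG.search(line)
    if not m:
        fac, sev = 1, 5
    elif m.group(2) is not None:
        fac, sev = int(m.group(1)), int(m.group(2))
    else:
        fac, sev = divmod(int(m.group(1)), 8)
    return FACILITIES.get(fac, f"facility{fac}"), SEVERITIES[sev]

def selector_matches(selectors, facility, severity):
    """True if a selector field like '*.notice;kern.debug;mail.crit' logs the message.
    Selectors apply left to right and the last one naming the facility wins; a bare
    level means that level or more severe, '=level' exactly that, 'none' drops it."""
    sev_num = SEVERITIES.index(severity)
    rule = None   # None means "not logged"; FreeBSD's other comparison flags are not modelled
    for sel in selectors.split(";"):
        facs, raw = sel.strip().rsplit(".", 1)
        if "*" not in facs.split(",") and facility not in facs.split(","):
            continue
        level = ALIASES.get(raw.lstrip("="), raw.lstrip("="))
        if level == "none":
            rule = None
        elif level == "*":
            rule = ("min", len(SEVERITIES) - 1)
        else:
            rule = ("eq" if raw.startswith("=") else "min", SEVERITIES.index(level))
    if rule is None:
        return False
    kind, lvl = rule
    return sev_num == lvl if kind == "eq" else sev_num <= lvl

# The firewall line quoted in the thread (addresses were redacted there too).
FIREWALL_LINE = ('Jan 20 20:19:08 <16.5> (806 hostname) id=firewall pri=5 c=256 '
                 'm=38 msg="ICMP packet dropped" n=2956 rule=0')
```

Running `decode_pri(FIREWALL_LINE)` gives `("local0", "notice")`, which `*.notice;kern.debug;lpr.info;mail.crit;news.err` matches and `local7.*` does not, so the `*.notice` catch-all is what is pulling these messages into /var/log/messages.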