Bsd Neophyte wrote:
Starting syslogd with the '-vv' flags will tell you the facility and priority. This is great for testing new logs.
unfortunately, i don't know the severity rating of the messages that the
firewall is sending.
maybe you can help me out. a typical message looks like this:
Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of
webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38
msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip
address) rule=0^M
again, an assumption, but i think that pri=5 means priority 5, which seems
to be a notification level event with the cisco router.
if this is the case, how could i redirect only FreeBSD notifications to go
to messages?
this is what i have right now:
------
# external hosts (router and firewall) !router local7.* /var/log/router-logs #local7.alert /var/log/router-logs #local7.crit /var/log/router-logs #local7.debug /var/log/router-logs #local7.emerg /var/log/router-logs #local7.err /var/log/router-logs #local7.info /var/log/router-logs #local7.notice /var/log/router-logs #local7.warn /var/log/router-logs ------
i made the files ahead of time by doing a "touch router-logs". also is
noting this as " !router " allowable?
i didn't get a clear indication of how to do it in the documentation? is
it local0.notice or something?
The Cisco logging facility is configurable: ----from my 2509 config:
! logging facility local4 logging 192.168.23.200 ----from my /etc/syslog.conf *.notice;authpriv.none;auth.none;daemon.none;local0.none;local4.none;local5.none ;local7.none;kern.none /var/log/messages [...skip...] !* local0.* /var/log/ipmon.log local4.* /var/log/router.log local5.* /var/log/switch.log local7.* /var/log/dhcpd.log To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
