Bsd Neophyte wrote:
unfortunately, i don't know the severity rating of the messages that the
firewall is sending.
Starting syslogd with the '-vv' flags will tell you the facility and
priority. This is great for testing new logs.
maybe you can help me out. a typical message looks like this:
Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of
webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38
msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip
address) rule=0^M
again, an assumption, but i think that pri=5 means priority 5, which seems
to be a notification level event with the cisco router.
if this is the case, how could i redirect only FreeBSD notifications to go
to messages?
this is what i have right now:
------
# external hosts (router and firewall)
!router
local7.* /var/log/router-logs
#local7.alert /var/log/router-logs
#local7.crit /var/log/router-logs
#local7.debug /var/log/router-logs
#local7.emerg /var/log/router-logs
#local7.err /var/log/router-logs
#local7.info /var/log/router-logs
#local7.notice /var/log/router-logs
#local7.warn /var/log/router-logs
------
i made the files ahead of time by doing a "touch router-logs". also is
noting this as " !router " allowable?
i didn't get a clear indication of how to do it in the documentation? is
it local0.notice or something?
The Cisco logging facility is configurable:
----from my 2509 config:
!
logging facility local4
logging 192.168.23.200
----from my /etc/syslog.conf
*.notice;authpriv.none;auth.none;daemon.none;local0.none;local4.none;local5.none;local7.none;kern.none /var/log/messages
[...skip...]
!*
local0.* /var/log/ipmon.log
local4.* /var/log/router.log
local5.* /var/log/switch.log
local7.* /var/log/dhcpd.log
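
Added example, not part of the original post: a Python sketch that decodes the `<16.5>` tag in the firewall message above into the facility and priority names used in syslog.conf selectors. It assumes the tag is syslogd's numeric facility.priority pair, uses the standard syslog numbering, and goes slightly beyond the post by also accepting the on-the-wire `<PRI>` form; the function names and the wire-format sample are constructed for illustration.

```python
import re

# Facility codes from <syslog.h>; 12-15 vary by system and are left numeric.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + n: f"local{n}" for n in range(8)})

SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# "<16.5>" is the verbose-log form; "<133>" is the on-the-wire PRI value.
TAG = re.compile(r"<(\d{1,3})(?:\.(\d))?>")


def decode(line):
    """Return (facility, severity) names for the first tag in a log line."""
    m = TAG.search(line)
    if m is None:
        raise ValueError("no <facility.priority> or <PRI> tag found")
    if m.group(2) is not None:      # verbose-log form: facility.priority
        fac, sev = int(m.group(1)), int(m.group(2))
    else:                           # wire form: PRI = facility * 8 + severity
        fac, sev = divmod(int(m.group(1)), 8)
    if sev > 7:
        raise ValueError(f"severity {sev} out of range")
    return FACILITIES.get(fac, f"facility{fac}"), SEVERITIES[sev]


def selector(line):
    """syslog.conf selector matching this message's facility and level."""
    fac, sev = decode(line)
    return f"{fac}.{sev}"


if __name__ == "__main__":
    # Shortened from the firewall message in the post; host is a placeholder.
    sample = ('Jan 20 20:19:08 <16.5> (806 hostname) id=firewall '
              'pri=5 c=256 m=38 msg="ICMP packet dropped" rule=0')
    print(selector(sample))
    # Constructed wire-format sample.
    print(selector("<190>constructed wire-format message"))
```

A selector of the form `facility.level` in syslog.conf matches that level and anything more severe, so the decoded value is the lowest level the rule will catch.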