Re: ipmon syslogd problems
Toomas Aas [EMAIL PROTECTED] said:

> > I have ipfilter set up and running fine, but I have been finding that my
> > security logs show up in both my security and messages log files. ipmon is
> > running with the command ipmon -oI -s -D and my syslog.conf file has the
> > following relevant configuration.
> > ..
> > local0.*    /var/log/security
> > security.*    /var/log/security
> > *.notice;kern.debug;lpr.info;mail.crit;news.err    /var/log/messages
>
> I believe *.notice includes all the higher levels, such as *.err and
> *.warning. If you don't want messages from local0 and security facilities
> to appear in /var/log/messages, add this to /var/log/messages:
>
> local0.none;security.none

Looking at the man page for syslog I see the line that I missed before that talks about the special facility log level none. One thing to note, if you put it before the *.notice, you still get the messages, but putting it on the end of the line works.

> --
> Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
> * I haven't lost my mind; I know exactly where I left it.

--
Thanks,
Dean E. Weimer
http://www.dweimer.org/

This message was sent from dweimer.org using TWIG - The Web Information Gateway.
- For more information visit http://www.dweimer.org/
- To Report Abuse Contact [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
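A simplified model of how syslogd evaluates a selector field, added here as an illustration and not part of either message: it shows why `*.notice` picks up ipmon's LOG_WARNING and LOG_ERR output on local0, and why `local0.none` only takes effect when it comes after `*.notice`. The facility list is shortened and comparison flags such as `=` and `!` are not modelled (assumptions of this sketch).

```python
# Simplified model of BSD syslogd selector handling (added example, not syslogd's code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Shortened facility list, enough for the configuration in this thread (assumption).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "security", "lpr", "news", "local0"]
NONE = -1  # per-facility mask value meaning "log nothing for this facility"


def build_mask(selector_field):
    """Apply semicolon-separated selectors left to right; later ones override earlier ones."""
    mask = {f: NONE for f in FACILITIES}
    for selector in selector_field.split(";"):
        facs, level = selector.rsplit(".", 1)
        if level == "none":
            threshold = NONE
        elif level == "*":
            threshold = LEVELS.index("debug")
        else:
            threshold = LEVELS.index(level)
        for fac in facs.split(","):
            for target in (FACILITIES if fac == "*" else [fac]):
                mask[target] = threshold
    return mask


def matches(selector_field, facility, level):
    """True if a message at facility.level is written to this line's action."""
    threshold = build_mask(selector_field)[facility]
    # Lower index means more severe, so "notice" also selects warning, err, crit, ...
    return threshold != NONE and LEVELS.index(level) <= threshold


# The /var/log/messages selector from the thread, plus the two placements discussed.
ORIGINAL = "*.notice;kern.debug;lpr.info;mail.crit;news.err"
NONE_LAST = ORIGINAL + ";local0.none;security.none"
NONE_FIRST = "local0.none;security.none;" + ORIGINAL

if __name__ == "__main__":
    for name, field in [("original", ORIGINAL), ("none last", NONE_LAST), ("none first", NONE_FIRST)]:
        hits = [lvl for lvl in ("info", "notice", "warning", "err") if matches(field, "local0", lvl)]
        print(f"{name:10s} local0 levels reaching /var/log/messages: {hits}")
```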
ipmon syslogd problems
I have ipfilter set up and running fine, but I have been finding that my security logs show up in both my security and messages log files. ipmon is running with the command ipmon -oI -s -D and my syslog.conf file has the following relevant configuration.

..
local0.*    /var/log/security
security.*    /var/log/security
*.notice;kern.debug;lpr.info;mail.crit;news.err    /var/log/messages
..

I am only logging blocked and short packets, which according to man ipmon should do the following.

..
-s    Packet information read in will be sent through syslogd rather than saved to a file. The default facility when compiled and installed is local0. The following levels are used:

      LOG_INFO - packets logged using the log keyword as the action rather than pass or block.
      LOG_NOTICE - packets logged which are also passed
      LOG_WARNING - packets logged which are also blocked
      LOG_ERR - packets which have been logged and which can be considered short.
..

There is nothing in my syslog.conf that is pointing *.warning or *.err to messages. Does anyone have any ideas as to why this is happening??

Please Copy me with any replies.

--
Thanks,
Dean E. Weimer
[EMAIL PROTECTED]
http://www.dweimer.org/