Re: remote syslog to specific file
Thanks David, but…

I have followed your advice precisely and it keeps on logging to /var/log/messages instead of /var/log/sonic.log??

!fw
*.*	/var/log/sonic.log

Using tab instead and no spaces - restarting syslog - ??

I have also tried !firewall // no success //

My logs are coming from a remote host; maybe this is the reason why it can't log to sonic.log?

localhost --> 192.168.2.2
remote host --> 192.168.2.1

Any help would still be appreciated?!?

On 14 Dec 06 at 20:02, David Robillard wrote:

> > Hello,
> >
> > I am trying to log my sonicwall FW log to a specific file…
> > For the moment all logs are sent to /var/log/messages
> > I would like them to go to /var/log/sonic.log
> >
> > I have tried a couple of things which do not seem to work, among them:
> >
> > +fw.xxx.yyy
> > local0.*	/var/log/sonic.log
> > +@ --> not working
> > local0.*	/var/log/sonic.log --> not working either
> >
> > In /var/log/messages my logs are in this format:
> >
> > Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C time="2006-12-14
> > 14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 msg="TCP connection
> > dropped" n=183 src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee
> > dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135
> >
> > Any help would be welcome.
>
> Try installing those two lines in your syslog.conf(5) file and make sure you use TAB instead of spaces.
>
> !fw
> *.*	/var/log/sonic.log
>
> Then issue a `sudo touch /var/log/sonic.log` as the file must exist before syslogd(8) can write to it (i.e. syslogd(8) does not create files).
>
> After this run `sudo /etc/rc.d/syslogd restart` to instruct syslogd(8) of the changes you've made to syslog.conf(5).
>
> Finally, make sure you edit newsyslog.conf(5) with something like this to keep your /var file system from filling up.
>
> /var/log/sonic.log	www:wheel	640	7	100	*	J
>
> man newsyslog.conf for more on newsyslog.conf(5)'s syntax.
>
> Cheers,
>
> David
> --
> David Robillard
> UNIX systems administrator & Oracle DBA
> CISSP, RHCE & Sun Certified Security Administrator
> Montreal: +1 514 966 0122

Gregober ---> PGP ID --> 0x1BA3C2FD
bsd @at@ todoo.biz

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: remote syslog to specific file
> Hello,
>
> I am trying to log my sonicwall FW log to a specific file…
> For the moment all logs are sent to /var/log/messages
> I would like them to go to /var/log/sonic.log
>
> I have tried a couple of things which do not seem to work, among them:
>
> +fw.xxx.yyy
> local0.*	/var/log/sonic.log
> +@ --> not working
> local0.*	/var/log/sonic.log --> not working either
>
> In /var/log/messages my logs are in this format:
>
> Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C time="2006-12-14
> 14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 msg="TCP connection
> dropped" n=183 src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee
> dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135
>
> Any help would be welcome.

Try installing those two lines in your syslog.conf(5) file and make sure you use TAB instead of spaces.

!fw
*.*	/var/log/sonic.log

Then issue a `sudo touch /var/log/sonic.log` as the file must exist before syslogd(8) can write to it (i.e. syslogd(8) does not create files).

After this run `sudo /etc/rc.d/syslogd restart` to instruct syslogd(8) of the changes you've made to syslog.conf(5).

Finally, make sure you edit newsyslog.conf(5) with something like this to keep your /var file system from filling up.

/var/log/sonic.log	www:wheel	640	7	100	*	J

man newsyslog.conf for more on newsyslog.conf(5)'s syntax.

Cheers,

David
--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
remote syslog to specific file
Hello,

I am trying to log my sonicwall FW log to a specific file…
For the moment all logs are sent to /var/log/messages
I would like them to go to /var/log/sonic.log

I have tried a couple of things which do not seem to work, among them:

+fw.xxx.yyy
local0.*	/var/log/sonic.log
+@ --> not working
local0.*	/var/log/sonic.log --> not working either

In /var/log/messages my logs are in this format:

Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C time="2006-12-14
14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 msg="TCP connection
dropped" n=183 src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee
dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135

Any help would be welcome.

Gregober ---> PGP ID --> 0x1BA3C2FD
bsd @at@ todoo.biz
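
An added example, not part of the original thread: in syslog.conf(5) a `!` line selects on program name and a `+` line selects on hostname, so it helps to see which token of the stored line sits in the host position and whether the message carries a program tag at all. The sketch below parses the sample line from the post; the `ip:port:zone:name` reading of `src`/`dst` and all function names are assumptions made for this illustration.

```python
import re

# Constructed from the sample line in the post (wrapped lines rejoined).
SAMPLE = ('Dec 14 14:50:49 fw id=firewall sn=0006Bxxx4D6C '
          'time="2006-12-14 14:50:45" fw=80.98.206.97 pri=5 c=64 m=36 '
          'msg="TCP connection dropped" n=183 '
          'src=80.97.99.70:3763:WAN:89-90-99-70.pde.norby.ee '
          'dst=192.168.2.3:135:LAN:newmail.rmm.fr proto=tcp/135')

# Stored line layout: "Mon DD HH:MM:SS host rest-of-message"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$')
# A program tag, when present, is "name: " or "name[pid]: " at the start of rest.
TAG_RE = re.compile(r'^(?P<prog>[^\s:\[\]=]+)(?:\[\d+\])?: ')
# key=value pairs; a value may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Split a stored syslog line into timestamp, host, program tag, fields."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("line does not start with 'timestamp host'")
    rest = m.group('rest')
    tag = TAG_RE.match(rest)
    body = rest[tag.end():] if tag else rest
    fields = {k: (quoted if quoted else bare)
              for k, quoted, bare in KV_RE.findall(body)}
    return {'timestamp': m.group('ts'),
            'host': m.group('host'),
            'program': tag.group('prog') if tag else None,
            'fields': fields}


def endpoint(value):
    """Split an 'ip:port:zone:name' value (assumed layout); name may be absent."""
    return dict(zip(('ip', 'port', 'zone', 'name'), value.split(':', 3)))


if __name__ == '__main__':
    rec = parse_line(SAMPLE)
    print('host position :', rec['host'])
    print('program tag   :', rec['program'])
    print('message       :', rec['fields']['msg'])
    print('destination   :', endpoint(rec['fields']['dst']))
```

For the sample line, `fw` is in the host position and the message body starts directly with `id=firewall`, with no `name:` program tag in front of it.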