Syslog'ing PIX

Brad Tarver btarver at fpwk.com
Mon Mar 22 20:08:58 PST 2004


I found it after rereading the syslog.conf(5) man page.

     A hostname specification of the form `#+hostname' or `+hostname' means
     the following blocks will be applied to messages received from the
     specified hostname.  Alternatively, the hostname specification
     `#-hostname' or `-hostname' causes the following blocks to be applied
     to messages from any host but the one specified.  If the hostname is
     given as `@', the local hostname will be used.  As for program
     specifications, multiple comma-separated values may be specified for
     hostname specifications.

Also, there appears to be a problem with the !startslip and !ppp at the
end of the 5.2.1-RELEASE default syslog.conf. None of my +hostname lines
were parsed until I put them above the !prog lines.




>  -----Original Message-----
> From: 	Brad Tarver  
> Sent:	Monday, March 22, 2004 04:46 PM
> To:	'Freebsd-newbies at freebsd.org'
> Subject:	Syslog'ing PIX
> 
> I know I've done this before, so I know I'm not crazy.
> 
> I'm trying to log two PIX firewalls, one at 192.168.1.2 and the other
> is at 192.168.100.2.
> 
> Both PIXs are configured like this:
> logging on
> logging timestamp
> logging trap debugging
> logging host inside 10.1.1.126
> 
> There is a way to tell syslogd to log to different files based on the
> host it's coming from:
> hostname1:
> *.*             /var/log/hostname1
> 
> hostname2:
> *.*             /var/log/hostname2
> 
> 
> I can't remember the modifier that goes on the hostname line to make
> syslog separate the files. Does anyone know? I thought it was a : or a !
> 
> 
> --
> Brad Tarver, CCNA
> Network Administrator
> Forman Perry Watkins Krutz & Tardy
> 188 East Capitol Street
> Suite 200
> Jackson, MS 39201
> United States
> Ph: 601-960-8600
> Fax: 601-960-8613
> 
> 
> Furbling, v.:
>         Having to wander through a maze of ropes at an airport or bank
> even when you are the only person in line.
>                 -- Rich Hall, "Sniglets"
> 
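An added example, not part of the original post or of FreeBSD: syslog.conf(5) keeps a `!prog` specification in effect until it is replaced or reset with `!*`, so `+hostname` blocks placed after `!ppp` only match messages from that program. The script below is a simplified model of those block rules that reports the filters each action line ends up with; the sample file contents and the PIX log file names are constructed.

```python
def effective_filters(conf_text):
    """List (selector, action, program, host) for every action line.

    Simplified model of the syslog.conf(5) block rules: a `!prog` or
    `+host`/`-host` line (optionally prefixed with `#`) stays in effect
    until it is replaced, or reset by giving `*`.
    """
    prog, host = "*", "*"
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            if line[1:2] not in ("!", "+", "-"):
                continue                      # ordinary comment
            line = line[1:]                   # `#!prog` / `#+host` form
        if not line:
            continue
        spec = line[1:].strip()
        name = spec.split()[0] if spec and spec[0] != "*" else "*"
        if line[0] == "!":
            prog = name                       # program block (or reset)
        elif line[0] in "+-":
            host = line[0] + name if name != "*" else "*"
        else:
            fields = line.split(None, 1)      # selector, action
            if len(fields) == 2:
                rules.append((fields[0], fields[1].strip(), prog, host))
    return rules

def host_rules_with_program(rules):
    """Host-scoped rules that still carry a filter from an earlier !prog."""
    return [r for r in rules if r[3] != "*" and r[2] != "*"]

# Constructed sample: host blocks appended after the !prog blocks.
APPENDED = """\
*.err\t/var/log/messages
!startslip
*.*\t/var/log/slip.log
!ppp
*.*\t/var/log/ppp.log
+192.168.1.2
*.*\t/var/log/pix1.log
+192.168.100.2
*.*\t/var/log/pix2.log
"""
# Same file with the program specification reset before the host blocks.
RESET = APPENDED.replace("+192.168.1.2", "!*\n+192.168.1.2", 1)

if __name__ == "__main__":
    for rule in host_rules_with_program(effective_filters(APPENDED)):
        print("still limited to program %r: %s" % (rule[2], rule[1]))
```

Any local rules that follow the host blocks inherit the last `+hostname` in the same way; `+*` resets it.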




