syslog logging question
jez.hancock at munk.nu
Thu Apr 24 06:02:03 PDT 2003
On Thu, Apr 24, 2003 at 01:29:56PM +0100, John Murphy wrote:
> Wayne Pascoe <freebsd at penguinpowered.org.uk> wrote:
> >I have ipfilter on some of my boxes. In /etc/syslog.conf, I have the
> >following lines:
> >*.* /var/log/ipf.log
> >This works, and I get all entries in /var/log/ipf.log, which is good.
> >The problem I have is that I also get all entries in /var/log/messages
> >What do I need to do to stop syslog logging these messages to both
> >locations and start logging only to /var/log/ipf.log ?
> I don't have an entry in syslog.conf for ipmon but I have:
> ipmon_flags="-D /var/log/ipf.log" # typically "-Ds" or "-D /var/log/ipflog"
> in /etc/rc.conf
The default -Ds logs to syslog with facility local0.

    -s  Packet information read in will be sent through syslogd rather
        than saved to a file. The default facility when compiled and
        installed is local0. The following levels are used:

        LOG_INFO - packets logged using the "log" keyword as the action
        rather than pass or block.
        LOG_NOTICE - packets logged which are also passed
        LOG_WARNING - packets logged which are also blocked
        LOG_ERR - packets which have been logged and which can be con-

handy I suppose if you do any postprocessing of the ipmon log output via syslogd.
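
A syslog.conf layout that follows from the thread, as an added example that is not part of the original posts. It assumes ipmon runs with -Ds (facility local0, as stated above) and that the /var/log/messages selector resembles the line shown; ipf-blocked.log is a hypothetical file name.

```conf
# /etc/syslog.conf fragment (added example; adapt to the selectors already in your file)

# Assumed existing selector for /var/log/messages. Appending local0.none
# keeps ipmon's local0 entries out of this file at every level; it must
# come after *.notice because later selectors override earlier ones.
*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none	/var/log/messages

# Use a local0-only selector instead of the catch-all "*.*", so that only
# ipmon output lands in ipf.log.
local0.*							/var/log/ipf.log

# Optional split for postprocessing: blocked packets only (LOG_WARNING in
# the ipmon excerpt above). "=" matches exactly that level.
# ipf-blocked.log is a hypothetical name.
local0.=warning							/var/log/ipf-blocked.log
```

Create the log files before reloading, since syslogd does not create missing files by default, then send syslogd a HUP signal so it rereads the configuration.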