Great Circle Associates Firewalls
(September 1997)
 


Subject: RE: Help for syslog
From: Joseph Judge <joej @ joesmac . ultranet . com>
Date: Sun, 7 Sep 1997 23:54:06 -0400
To: "firewalls @ GreatCircle . COM" <firewalls @ GreatCircle . COM>, "'kb @ pp-ulm . de'" <kb @ pp-ulm . de>

All -
	That "*.debug" line will send all messages to log targets (local0, daemon, 
lp, etc) from debug level on up (to crit) into that file.   Seems a bit much, but that
is your call. I tend to take from .info and on up.

Anyway, if you place another line in the /etc/syslog.conf file, for example, to 
suck router logs (local7.debug    /var/adm/cisco.today) then all
messages to that log level will go both to the cisco.today file and the 
messages.debug file. If that annoys you, then change the *.debug line
to specify that no local7 messages are included in that '*'. This would
leave your file as:

*.debug;local7.none		/var/adm/messages.debug
local7.debug			/var/adm/cisco.today

All you need to do is pop on the router and convince it to log to that
syslog machine at local7 level. Please note that syslog lets you put
a '*' on the LEFT side only.

If you plan ahead ... you may wish to make all of your messages go
to various targets ( local0.info for the /var/log/ipf.today ip-filter logs,
mail.info to the /var/log/mail.today log, etc). Then, a simple nightly 
script can take all the /var/log/*.today files, "rotate" them to a nicely
named file (/var/log/archive/mail.970907), gzip them and null out the
"today" log.

cheers -

	-- joe


----------
From: 	kb @ pp-ulm . de[SMTP:kb @ pp-ulm . de]
Sent: 	Friday, September 05, 1997 12:31 PM
To: 	firewalls @ GreatCircle . COM
Subject: 	Help for syslog

Maybe someone could help me with this.

I have a Firewall-1 3.0 on an I386 Solaris 2.5.1. The router I have to
the provider is sending by syslogd to the firewall. I can see the syslog
messages arriving to the firewall when I turn debugging on. I could even
put them in a file with all the messages by inserting the line in
syslog.conf:

*.debug		/var/adm/messages.debug.


Is it possible to have the messages from the router into a different
file, and how?


Thanks for your help


Klaus


______/ /\____________________________________
         / /  \    Klaus Boden
        /_/ /\ \   Pfeiffer und Partner 
      __\ \ \/ /   the client server company 
     / /\\ \  / 
    / /  \\ \ \    Address : Magirusstraße 4, 89129 Langenau
   /_/ /\ \\ \ \   Phone   : +49 7345 9669-18
   \ \ \/ / \_\/   Fax     : +49 7345 9669-20
    \ \  /	   mailto:kb @ pp-ulm . de
     \ \ \         http://www.pp-ulm.de
____\ \ \__________________________________
        \_\/
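
The routing discussed in this thread, as an added example that is not part of either post and is not syslogd's own code: a small model of classic syslog.conf selector matching, run on the original `*.debug` line plus a router line and on the corrected file from the reply. It assumes the traditional BSD-style behaviour where a later `facility.level` part in a semicolon-separated selector overrides an earlier one; the function names and the facility list are choices made for this sketch.

```python
# Added example: models classic syslog.conf selector matching (not syslogd source).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron"] + [f"local{i}" for i in range(8)]


def parse_conf(text):
    """Return [(thresholds, action)]; thresholds maps facility -> least severe level logged."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        thresholds = {}
        for part in selector.split(";"):
            facs, level = part.rsplit(".", 1)
            names = FACILITIES if facs == "*" else facs.split(",")
            for fac in names:
                # Later parts override earlier ones, so "local7.none" undoes "*.debug".
                thresholds[fac] = None if level == "none" else SEVERITIES.index(level)
        rules.append((thresholds, action.strip()))
    return rules


def destinations(rules, facility, severity):
    """Files that a message with this facility and severity is written to."""
    sev = SEVERITIES.index(severity)  # lower index = more severe
    out = []
    for thresholds, action in rules:
        limit = thresholds.get(facility)
        if limit is not None and sev <= limit:
            out.append(action)
    return out


# Constructed inputs: the original line plus a router line, then the file from the reply.
OVERLAPPING = "*.debug\t\t/var/adm/messages.debug\nlocal7.debug\t\t/var/adm/cisco.today\n"
SEPARATED = ("*.debug;local7.none\t\t/var/adm/messages.debug\n"
             "local7.debug\t\t\t/var/adm/cisco.today\n")

if __name__ == "__main__":
    for name, conf in (("overlapping", OVERLAPPING), ("separated", SEPARATED)):
        rules = parse_conf(conf)
        for fac, sev in (("local7", "info"), ("daemon", "err")):
            print(name, f"{fac}.{sev}", "->", destinations(rules, fac, sev))
```

Running it shows the router's local7 messages landing in both files under the overlapping configuration and only in cisco.today once `local7.none` is added, while other facilities still reach messages.debug.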

