Quote:
Originally posted by Neo
Perhaps a stupid question:
Did you kill and restart syslogd after making configuration changes to syslogd.conf?
yes, i did. every time i alter my syslog.conf i kill and restart syslogd.
the permissions on messages and router-log are the same.
i commented out the excess lines.
i'm thinking that the following might be an issue.
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
the "*.notice" on the second line, i'm assuming, means that all notices, regardless of source, are to be sent to /var/log/messages.
unfortunately, i don't know the severity rating of the messages that the firewall is sending.
maybe you can help me out. a typical message looks like this:
Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of webramp) time="2003-01-20 20:19:07" fw=(some ip address)
pri=5 c=256 m=38 msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip address) rule=0^M
again, an assumption, but i think that pri=5 means priority 5, which seems to be a notification level event with the cisco router.
if this is the case, how could i redirect only FreeBSD notifications to go to messages?
i didn't get a clear indication of how to do it in the documentation. is it local0.notice or something?
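
Added example, not part of the original post: a simplified Python model of how a BSD-style syslog.conf selector field decides whether a message is logged, run against the two selector fields quoted above. It assumes the firewall's "<16.5>" tag and pri=5 mean facility 16 (local0) at severity 5 (notice), and it ignores FreeBSD's comparison flags and program/host blocks.

```python
# Added example: simplified model of BSD syslog.conf selector matching.
# Facility/severity codes are the standard syslog numbers (RFC 3164).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The two selector fields quoted in the post.
CONSOLE = "*.err;kern.debug;auth.notice;mail.crit"
MESSAGES = "*.notice;kern.debug;lpr.info;mail.crit;news.err"


def decode_pri(pri):
    """Split a numeric PRI (facility * 8 + severity) into names."""
    names = {num: name for name, num in FACILITIES.items()}
    return names[pri >> 3], SEVERITIES[pri & 7]


def selector_matches(field, facility, severity):
    """True if the selector field would log a (facility, severity) message.

    Each 'facility.level' selector sets a threshold for the facilities it
    names; a later selector for the same facility replaces an earlier one.
    A message is logged when it is at that level or more severe.
    """
    threshold = None  # None means this facility is not selected at all
    for selector in field.split(";"):
        facs, _, level = selector.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        threshold = None if level == "none" else SEVERITIES.index(level)
    return threshold is not None and SEVERITIES.index(severity) <= threshold


if __name__ == "__main__":
    # Constructed input: 16 * 8 + 5 = 133, i.e. local0.notice (assumed reading
    # of the "<16.5>" tag and pri=5 in the sample firewall message).
    fac, sev = decode_pri(133)
    for label, field in [("console", CONSOLE), ("messages", MESSAGES),
                         ("local0 only", "local0.notice")]:
        print(f"{fac}.{sev} -> {label}: {selector_matches(field, fac, sev)}")
    # A local daemon.notice message also matches *.notice but not local0.notice.
    print("daemon.notice -> messages:", selector_matches(MESSAGES, "daemon", "notice"))
    print("daemon.notice -> local0 only:",
          selector_matches("local0.notice", "daemon", "notice"))
```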