LinuxSA Mailing list archives

  From: Matthew Western <mwestern@affairs.net.au>
  To  : <linuxsa@linuxsa.org.au>
  Date: Thu, 30 May 2002 11:49:14 +0930

Syslog.conf Question

Hi People,
I've got a large mess in my /var/log/messages and I'm trying to modify
syslog.conf so it gets sorted better.  For example, I've got iptables that
logs with a prefix of Firewall:  e.g.

May 30 11:27:25 ______ kernel: Firewall:IN=eth1 OUT= MAC=00:00:f8:1f:e0:1f:00:80:ad:0a:49:7c:08:00 SRC=x.x.x.x DST=x.x.x.x LEN=161 TOS=0x00 PREC=0x00 TTL=128 ID=45586 PROTO=UDP SPT=1051 DPT=1900 LEN=141

The man page of syslog.conf says that I can't just filter any old thing out
to various /var/log/logfiles but I have to stick to only certain words, i.e.
auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same
as auth), syslog, user, uucp and local0 through local7.

I've got a normal entry working nicely, but can't figure out how to get my
custom stuff out to other files....

This is my entry that logs the lot, so I've got this far...    perhaps I
should be telling iptables specifically to log to a different file??

*.*                                                /var/log/firewall

any ideas people?
thanks
Matthew




--------man syslog.conf----------
<snip>
SELECTORS
The selector field itself again consists of two parts, a facility and a
priority, separated by a period (``.'').  Both parts are case insensitive
and can also be specified as decimal numbers, but don't do that, you have
been warned.  Both facilities and priorities are described in syslog(3).
The names mentioned below correspond to the similar LOG_-values in
usr/include/syslog.h.

The facility is one of the following keywords: auth, authpriv, cron, daemon,
kern, lpr, mail, mark, news, security (same as auth), syslog, user,
uucp and local0 through local7.  The keyword security should not be used
anymore and mark is only for internal use and therefore should not be used
in applications.  Anyway, you may want to specify and redirect these
messages here.  The facility specifies the subsystem that produced the
message, i.e. all mail programs log with the mail facility (LOG_MAIL) if
they log using syslog.

The priority is one of the following keywords, in ascending order: debug,
info, notice, warning, warn (same as warning), err, error (same as err),
crit, alert, emerg, panic (same as emerg).  The keywords error, warn and
panic are deprecated and should not be used anymore.  The priority
defines the severity of the message.

The behavior of the original BSD syslogd is that all messages of the
specified priority and higher are logged according to the given action.
This syslogd(8) behaves the same, but has some extensions.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
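
Added example, not part of the original post: a small Python model of the selector rule quoted from the man page (facility plus "this priority and higher", with `*` as the wildcard used in the post's `*.*` entry), showing that routing depends only on facility and priority and never on message text such as the `Firewall:` prefix. The `kern.*` rule, the file name `/var/log/kernel-only`, the sample messages and their facility/priority values are constructed assumptions; the syslogd extensions the excerpt mentions are not modelled.

```python
# Priority keywords in ascending order, as listed in the man page excerpt.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}  # deprecated names
FACILITIES = {"auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "mark", "news", "syslog", "user", "uucp"}
FACILITIES |= {f"local{n}" for n in range(8)}


def level(priority):
    """Numeric rank of a priority keyword; deprecated aliases are folded in."""
    name = priority.lower()
    return PRIORITIES.index(ALIASES.get(name, name))


def selector_matches(selector, facility, priority):
    """True if 'facility.priority' selects a message with this facility and
    priority. '*' matches anything; a named priority means that priority
    and higher (the original BSD behaviour quoted in the excerpt)."""
    sel_fac, sel_pri = selector.lower().split(".", 1)
    if sel_fac == "security":          # "security (same as auth)"
        sel_fac = "auth"
    if sel_fac != "*" and sel_fac not in FACILITIES:
        raise ValueError(f"unknown facility: {sel_fac}")
    fac_ok = sel_fac in ("*", facility.lower())
    pri_ok = sel_pri == "*" or level(priority) >= level(sel_pri)
    return fac_ok and pri_ok


def route(rules, facility, priority):
    """Return every log file whose selector matches the message."""
    return [path for sel, path in rules if selector_matches(sel, facility, priority)]


# Constructed rules: the post's catch-all plus a hypothetical kern-only rule.
RULES = [("*.*", "/var/log/firewall"), ("kern.*", "/var/log/kernel-only")]

# Constructed messages as (facility, priority, text). Facility and priority are
# assumptions: the "kernel:" tag implies kern; "warning" is illustrative.
MESSAGES = [
    ("kern", "warning", "kernel: Firewall:IN=eth1 OUT= PROTO=UDP SPT=1051 DPT=1900"),
    ("cron", "info", "CROND[1234]: (root) CMD (run-parts /etc/cron.hourly)"),
]

if __name__ == "__main__":
    for fac, pri, text in MESSAGES:
        print(f"{fac}.{pri:<8} -> {route(RULES, fac, pri)}  {text[:30]}")
```
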

