Re: FW: Question about logging.
From: Simon L. Nielsen (simon_at_nitro.dk)
Date: 05/28/03
- Previous message: Peter Pentchev: "Re: FW: Question about logging."
- In reply to: Peter Pentchev: "Re: FW: Question about logging."
- Next in thread: Taras Y. NIZHNIK: "Re: FW: Question about logging."
- Reply: Taras Y. NIZHNIK: "Re: FW: Question about logging."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 May 2003 22:14:19 +0200 To: Erik Paulsen Sk?lerud <erik@pentadon.com>, security@freebsd.org
On 2003.05.28 23:04:32 +0300, Peter Pentchev wrote:
> On Wed, May 28, 2003 at 08:36:24PM +0200, Simon L. Nielsen wrote:
> > On 2003.05.28 20:04:28 +0200, Erik Paulsen Sk?lerud wrote:
> >
> > > Yeah, I've gotten that far. But, how can I explicity -only- filter out ipfw
> > > messages from the default console output? Looks like the only way is to
> > > remove kern.debug :(
> >
> > I think you can use something like this in syslog.conf (untested) :
> >
> > !-ipfw
> > *.err;kern.debug;auth.notice;mail.crit /dev/console
>
> This would match log entries generated by a userland application named
> 'ipfw'. The ipfw log lines are, however, generated by the *kernel*, and
> they would never match this rule.
Ehh, I have the following in my syslog.conf, and it works just fine :
!ipfw
*.* /var/log/ipfw.log
I only get lines like :
May 20 02:16:28 arthur /kernel: ipfw: 65300 Deny UDP 192.168.3.2:53 192.168.2.3:49239 in via xl0
in var/log/ipfw.log
I guess it shouldn't work, but it does :-)
-- Simon L. Nielsen
- application/pgp-signature attachment: stored
- Previous message: Peter Pentchev: "Re: FW: Question about logging."
- In reply to: Peter Pentchev: "Re: FW: Question about logging."
- Next in thread: Taras Y. NIZHNIK: "Re: FW: Question about logging."
- Reply: Taras Y. NIZHNIK: "Re: FW: Question about logging."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
