On Tue, 17 Jul 2001, Kanno, Ken wrote:
> Jul 17 13:34:41 <4.5> gateway Jul 17 2001 12:35:27: %PIX-5-304001: 10.10.2.1
> Accessed URL 206.40.47.5:/questions.html
> Jul 17 13:34:43 <4.5> gateway Jul 17 2001 12:35:30: %PIX-5-304001: 10.10.2.1
> Accessed URL 205.188.140.249:/image/93007873/aim/
Yikes. Do you really need to log this religiously? I crank my PIX log
levels down a bit on purpose. But I'm in a smaller office where I trust
everyone enough to not want/need to look at URLs they're accessing.
> I saw no examples under man for syslog, syslogd or syslog.conf
Not entirely true.
> # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
> #
> # Spaces are NOT valid field separators in this file.
> # Consult the syslog.conf(5) manpage.
> *.err;kern.debug;auth.notice;mail.crit /dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
^^^^^^^^
Here's your problem. ALL notice messages go to /var/log/messages
regardless of where else they're routed. Since you're using a facility of
local4 on the PIX, I'd suggest adding 'local4.none' to the line
above. That will prevent local4.notice messages from being sent to
/var/log.
Later,
-Mike
--
Eat drink and be merry, for tomorrow they may make it illegal.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
