LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 02-25-2008, 09:13 AM   #1
ddenton
Member
 
Registered: May 2007
Posts: 114

Rep: Reputation: 15
Syslog entries from PIX appearing is messages log...


Hello forum.

I have an RHEL 4 server acting as a syslog server for a PIX firewall. I've configured my syslog.conf to write firewall log entries to /var/log/firewall. Here's a snip from my syslog.conf:

# Log firewall messages
local4.* /var/log/firewall

Problem is, the entries that appear in /var/log/firewall also appear in /var/log/messages. There are no other "local" entries in syslog.conf, so what could cause the firewall entries to be sent to the firewall and the messages log?

Thanks in advance...
 
Old 02-26-2008, 05:27 PM   #2
loopy69
LQ Newbie
 
Registered: Apr 2004
Distribution: Fedora Core 5
Posts: 23

Rep: Reputation: 15
I have this exact same thing happening and would like to know how to redirect things a little better...
 
Old 02-29-2008, 10:35 AM   #3
ddenton
Member
 
Registered: May 2007
Posts: 114

Original Poster
Rep: Reputation: 15
No takers?

Any help is greatly appreciated...
 
Old 04-08-2008, 11:17 AM   #4
ddenton
Member
 
Registered: May 2007
Posts: 114

Original Poster
Rep: Reputation: 15
I think I may have figured this out. The facilities listed that will be logged to my /var/log/messages file includes *.info. I'm logging all "info" level entries from my firewall to my appropriate log file, so syslog must be picking up on this and parsing them into the messages log.

At least that's my theory. I'll test and post the results.
 
Old 04-08-2008, 11:28 AM   #5
ddenton
Member
 
Registered: May 2007
Posts: 114

Original Poster
Rep: Reputation: 15
That was it. Appending "local4.none" to the facility list for the messages log did the trick.

Code:
*.info;mail.none;authpriv.none;cron.none;local4.none            /var/log/messages
 
  


Reply

Tags
firewall, log, messages, syslog


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Are these entries a problem in my /var/log/messages jim.thornton Linux - Server 4 02-08-2008 08:16 AM
New Entries in /var/log/messages sathyguy Linux - Security 3 04-26-2006 05:36 AM
/var/log/messages weird entries blizunt7 Linux - Security 5 11-01-2005 05:56 PM
WLAN Card with TI acx100 chipset send too much log entries into syslog scope5 Linux - Wireless Networking 0 06-07-2004 02:38 PM
syslog and firestarter - log messages to another file than messages mule Linux - Newbie 0 08-07-2003 03:35 AM


All times are GMT -5. The time now is 09:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration