LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux > Linux - Server
Reload this Page Syslog entries from PIX appearing is messages log...
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Tags used in this thread
Popular LQ Tags , , ,

Reply
 
Thread Tools
Old 02-25-2008, 10:13 AM   #1
ddenton
Member
 
Registered: May 2007
Posts: 87
Thanked: 0
Syslog entries from PIX appearing is messages log...

[Log in to get rid of this advertisement]
Hello forum.

I have an RHEL 4 server acting as a syslog server for a PIX firewall. I've configured my syslog.conf to write firewall log entries to /var/log/firewall. Here's a snip from my syslog.conf:

# Log firewall messages
local4.* /var/log/firewall

Problem is, the entries that appear in /var/log/firewall also appear in /var/log/messages. There are no other "local" entries in syslog.conf, so what could cause the firewall entries to be sent to the firewall and the messages log?

Thanks in advance...
ddenton is offline  
Tag This Post , , ,
Reply With Quote
Old 02-26-2008, 06:27 PM   #2
loopy69
LQ Newbie
 
Registered: Apr 2004
Distribution: Fedora Core 5
Posts: 23
Thanked: 0
I have this exact same thing happening and would like to know how to redirect things a little better...
loopy69 is offline     Reply With Quote
Old 02-29-2008, 11:35 AM   #3
ddenton
Member
 
Registered: May 2007
Posts: 87
Thanked: 0

Original Poster
No takers?

Any help is greatly appreciated...
ddenton is offline     Reply With Quote
Old 04-08-2008, 12:17 PM   #4
ddenton
Member
 
Registered: May 2007
Posts: 87
Thanked: 0

Original Poster
I think I may have figured this out. The facilities listed that will be logged to my /var/log/messages file includes *.info. I'm logging all "info" level entries from my firewall to my appropriate log file, so syslog must be picking up on this and parsing them into the messages log.

At least that's my theory. I'll test and post the results.
ddenton is offline     Reply With Quote
Old 04-08-2008, 12:28 PM   #5
ddenton
Member
 
Registered: May 2007
Posts: 87
Thanked: 0

Original Poster
That was it. Appending "local4.none" to the facility list for the messages log did the trick.

Code:
*.info;mail.none;authpriv.none;cron.none;local4.none            /var/log/messages
ddenton is offline     Reply With Quote

Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Are these entries a problem in my /var/log/messages jim.thornton Linux - Server 4 02-08-2008 09:16 AM
New Entries in /var/log/messages sathyguy Linux - Security 3 04-26-2006 06:36 AM
/var/log/messages weird entries blizunt7 Linux - Security 5 11-01-2005 06:56 PM
WLAN Card with TI acx100 chipset send too much log entries into syslog scope5 Linux - Wireless Networking 0 06-07-2004 03:38 PM
syslog and firestarter - log messages to another file than messages mule Linux - Newbie 0 08-07-2003 04:35 AM


All times are GMT -5. The time now is 10:44 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap - LinuxQuestions.org - Linux Forums
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration