[SATLUG] syslog a particular level

Aaron Hackney aaron at aaronhackney.com
Sun Dec 12 10:41:15 CST 2010


Hey all. Quick question that I can't find a clear answer on.

I have a syslog server that is receiving syslog messages from an
external source (Cisco ASA firewall) which is sending warning syslog
messages (local4.*).

This is NOT syslog-ng, but standard syslog.

My config looks like this:
#######################

local3.* %/var/log/sshd.log
local5.* %/var/log/smartd.log
ftp.* %/var/log/ftp.log
daemon.* %/var/log/daemon.log
*.notice;kern.debug;lpr.info;mail.crit;mail.info;news.err;local0.none;local7.none
%/var/log/system.log
security.* %/var/log/system.log
auth.info;authpriv.info %/var/log/system.log
+fw.aaron.pvt
*.*                     /var/log/cisco-syslog
*.emerg *
#######################

It is working fine, in that I am receiving the syslog messages in
/var/log/cisco-syslog from my host, but I am also receiving those same
messages in system.log.

Is there a way, with standard syslog, to prevent the local4 messages
from being written to system.log or do I just need to move on to
syslog-ng?

TIA!
-A

-- 
"Don't ask yourself what the world needs. Ask yourself what makes you
come alive and then go do that. Because what the world needs is people
who have come alive." -Dr. Howard Thurman

******************************
Aaron Keith Hackney
aaron at aaronkeithstudios.com
Cell 210.325.2196
******************************


More information about the SATLUG mailing list