[SATLUG] syslog a particular level

Enrique Sanchez esanchezvela.satlug at gmail.com
Mon Dec 13 20:00:35 CST 2010


On Mon, Dec 13, 2010 at 7:42 AM, Aaron Hackney <aaron at aaronhackney.com> wrote:
> On Sun, Dec 12, 2010 at 5:49 PM, Greg Swift <gregswift at gmail.com> wrote:
>> Take the /var/log/system.log line and add local4.none too it like this:
>>
>> *.notice;kern.debug;lpr.info;mail.crit;mail.info;news.err;local0.none;local7.none;local4.none
>> %/var/log/system.log
>
> Greg, thanks man! I'll give it a try and let you know!
> -A
>
>
>>

Aaron,

form your syslog configuration, you had:

*.*                     /var/log/cisco-syslog

that is a catch all configuration and will have ALL syslog messages,
not only the ones coming from your firewalls.
change it to

local4.* ....

regards,
enrique.


More information about the SATLUG mailing list