Remote syslog and correct facilities.



  • I'm trying to figure out what logging facilities I should be using in syslog.conf on my remote syslog server.  I'd like all pf logs to go into a pf.log, pptp stuff into pptp.log, etc.

    I'm a relatively new person to syslogging.  I've done it before, but I can't figure out how to tell one service from another, and what logging facility it's using.  Any hints?

    EDIT
    –-----

    I figured it out! :)

    Here's what I had that worked:

    
    +lbfw1
    !pf
    *.*			/var/log/lbfw1/pf.log
    !-pf
    *.*			/var/log/lbfw1/messages
    +lbfw2
    !pf
    *.*			/var/log/lbfw2/pf.log
    !-pf
    *.*			/var/log/lbfw2/messages
    +logserver
    (rest local system logs)
    
    

    I'm presuming then I could do the same with pptpd, racoon, etc. :)

    Good stuff.  Hope someone else finds this useful.


Locked