Remote syslog and correct facilities.
I'm trying to figure out what logging facilities I should be using in syslog.conf on my remote syslog server. I'd like all pf logs to go into a pf.log, pptp stuff into pptp.log, etc.
I'm a relatively new person to syslogging. I've done it before, but I can't figure out how to tell one service from another, and what logging facility it's using. Any hints?
I figured it out! :)
Here's what I had that worked:
+lbfw1 !pf *.* /var/log/lbfw1/pf.log !-pf *.* /var/log/lbfw1/messages +lbfw2 !pf *.* /var/log/lbfw2/pf.log !-pf *.* /var/log/lbfw2/messages +logserver (rest local system logs)
I'm presuming then I could do the same with pptpd, racoon, etc. :)
Good stuff. Hope someone else finds this useful.