RE: [logs] PIX logging

• Previous message: Jose Nazario: "Re: [logs] what to log/what to look for: stateful log analysis?"
• Maybe in reply to: Allen Crawford: "[logs] PIX logging"
• Next in thread: Alexandre Dulaunoy: "Re: [logs] PIX logging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

to prevent your local4 logs from going to /var/log/messages, add the
following to your syslog.conf:
local4.none		/var/log/messages

you can just tack it on the end of the line for /var/log/messages - for
example:
*.info;mail.none;authpriv.none;local5.none;local4.none  /var/log/messages

if you want to rename your log file each night, you can call a script from
your logrotate.conf
( or for redhat, /etc/logrotate.d/syslog)
for example:

/var/log/messages {
daily
    postrotate
        /usr/bin/killall -HUP syslogd;
        mv /var/log/messages.1 /var/log/messages$(date +%Y%m%d)
    endscript
}


here's a quick n dirty script for deleting old log files:
------------- begin script
#!/bin/bash

oldstuff=$(date +%m|sed 's/^0//')
case $oldstuff in
        1) oldstuff=10;;
        2) oldstuff=11;;
        3) oldstuff=12;;
        *) oldstuff=$[$oldstuff-3];;
esac
rm /var/log/messages$[$(date +%Y)-1]$oldstuff*
rm /var/log/messages$(date +%Y)$oldstuff*
---------- end script

I haven't tested this script, so make sure to test it before putting it into
production.



> -----Original Message-----
> From:	Allen Crawford [SMTP:AllenCat_private]
> Sent:	Thursday, August 29, 2002 11:17 AM
> To:	Log Analysis List (E-mail)
> Subject:	[logs] PIX logging
> 
> I hope this is the proper forum for this sort of question.  Please let me
> know if it is not.
> 
> I have read up on the basics of using syslog and logrotate to log and
> rotate
> my system logs. I have also read the basics of how to make the Cisco PIX
> send logging information to my syslog server. When turning this on from
> the
> PIX, it immediately starts logging to the syslog server (I've already
> enabled the remote logging ability for syslog) but it logs everything to
> /var/log/messages.  I had entered the following line to my
> /etc/syslog.conf
> file as well.
> 
> local4.*			/var/log/pix
> 
> Eventually I found out that things were now being logged twice, once to my
> pix file above and once to /var/log/messages.
> 
> My problem/question is that I'd like to have the PIX logs in a separate
> file, one that gets rotated daily at midnight. In addition to that, I'd
> like
> it to append the date as the suffix of the log's filename, such as
> pix20020815. I would also prefer that the logs were automatically deleted
> after say, 3 months, but that is the least of my worries right now.  We
> may
> just stick with a manual deletion anyway.
> 
> If anyone can give me details on this, or if anyone else has already set
> this up for their PIX, I'd greatly appreciate some examples, either online
> or offline.
> 
> By the way, I'm running Red Hat 7.3 for this.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Kohlenberg, Toby: "RE: [logs] question about loganalysis products"
• Previous message: Jose Nazario: "Re: [logs] what to log/what to look for: stateful log analysis?"
• Maybe in reply to: Allen Crawford: "[logs] PIX logging"
• Next in thread: Alexandre Dulaunoy: "Re: [logs] PIX logging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 11:31:36 PDT