Re: [m0n0wall] Remote Logging to a specific log file

From:	Juerg Schneider <juerg dot schneider at fabrimex dot ch>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Remote Logging to a specific log file
Date:	Mon, 27 Jun 2005 15:03:05 +0200

Am Samstag, 25. Juni 2005 00.25 schrieb Devin Henderson:
> I have setup m0n0wall to send logs to my web server. However, the
> log is saved to my /var/log/messages file. How can I setup my
> syslog server to write the m0n0wall logs to a seperate file, say
> /var/log/router.log? I assume I can do this in /etc/syslog.conf on
> my syslog server but I'm not sure how.

Take syslog-ng not syslog. From my /etc/syslog-ng/syslog-ng.conf:

source remote {  udp(); };
source src { unix-dgram("/dev/log"); internal(); };

# In one line:
destination m0n0wall { file("/var/log/m0n0wall/m0n0wall.log" \
    owner("root") group("adm") perm(0640)); };
destination m0n0sys { file("/var/log/m0n0wall/syslog.log" \
    owner("root") group("adm") perm(0640)); };

filter f_m0n0wall   { match("ipmon"); };
filter f_not_m0n0   { not match("ipmon"); };

log { source(remote); filter(f_m0n0wall); destination(m0n0wall); };
log { source(remote); filter(f_not_m0n0); destination(m0n0sys); };

Any catch all destination uses only:
log { source(src); filter(f_messages); destination(messages); };

Otherwise:
log { source(remote); filter(f_syslog);  filter (f_not_m0n0); \
     destination(syslog); };


Jürg