OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: yet another idea about /etc/security
From: Stefan `Sec` Zehl (sec42.org)
Date: Mon Feb 07 2000 - 05:16:11 CST

On Sun, Feb 06, 2000 at 07:10:11PM -0600, Igor Roshchin wrote:
> 4. I agree that it would be nice to have ports using syslog facility.
> However, in this case it would be even more important to be able
> to specify in /etc/syslog.conf what facilities at a given
> priority should be _excluded_ from being logged to the specified
> file.
>
> Example:
> to log *.notice to /var/log/messages, with an exception
> for, say, local1.notice,
> with the syntax like:
> *.notice;-local1.notice /var/log/messages

This is what I do (and that works resonably well)
*.notice;kern.debug;lpr.info;mail.err;news.err;local2.err /var/log/messages

i.e. for mail,news and local2 only err and higher are logged. Therefore
practically archiving what you want :-)

CU,
    Sec 

-- 
Failure is not an option. It comes bundled with your Microsoft product.

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message