source src1 { file("/dev/klog"); }; yep thsi worked! thx a lot, sorry about this ----- Original Message ----- From: "Balazs Scheidler" <bazsi@balabit.hu> To: <syslog-ng@venus.terrasoft.hu> Sent: Thursday, June 01, 2000 5:04 AM Subject: Re: [syslog-ng] ipfw logging
ok i tried /dev/log - no result, same thing - ipfw is not being logged anywhere. i noiced that i am not the only one with this problem. the other person from japan seems to have similar issue.
I don't have the whole thread, so this may already have been covered...
I believe ipfw is logged via. the kernel like ipchains. Do you have the kernel logging device in your syslog-ng config file? On Linux, you need to add: file("/proc/kmsg"); to your source statement and then you can kill klogd.
I think he uses FreeBSD, and /proc/kmsg is Linux specific. (and even under linux, using klogd is recommended, since it preprocesses some kernel messages)
FreeBSD uses a special character device named /dev/klog for kernel logging. It _should_ work with
file s_kern { file("/dev/klog"); };
If it doesn't, then tell me how to generate some kernel messages under FreeBSD. I have it installed, but since I'm not that much experienced in it, I can't test whether kernel messages arrive or not.
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/syslog-ng