I am not convinced that syslogd can seperate ipchains from kernel messages, BUT the cronjob that hangles emailing, etc. can also cat the /var/log/messages file through grep to parse out specific messages. Can you offer me a snip of logs that show the actual ipchains message? > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Paul A. Henry > Sent: Sunday, April 16, 2000 8:48 AM > To: [EMAIL PROTECTED] > Subject: Re: Logs > > > Jack; > > A Cron job in Linux will handle automatically compressing and emailing > the log files. Further it can be expanded to handle writing them to tape. > > Now a question to others that may be following this thread: > > I read the man page for syslogd and it seems there is no way to separate > messages from ipchains from other kernel messages. You can break out other > messages based on their source to separate files but ipchain messages are > kernel messages and they are simply grouped together with all other kernel > messages. I wanted to port only the firewall - ipchain messages to a > separate file and play with running scripts against the logs to > do a little > IDS. Is their a keyword I missed in the config file that will > allow me send > only ipchain messages to an independent file? > > Paul > > > > ----- Original Message ----- > From: "Jack Dons" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, April 16, 2000 8:21 AM > Subject: Logs > > > > ok thats sounds right, so now what if I want the machine it > sends to logs > to > > to save them to a tape and then email them to a hotmail account, is that > > possible? oh and the other machine is running Redhat 6.2 > > ______________________________________________________ > > Get Your Private, Free Email at http://www.hotmail.com > > > > - > > [To unsubscribe, send mail to [EMAIL PROTECTED] with > > "unsubscribe firewalls" in the body of the message.] > > > > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
