i've got a couple firewalls sending their syslog messages to an ubuntu server running rsyslog.
i want the firewalls to log to a separate file, and avoid cluttering the messages and syslog logs with the same messages. documentation says use:
localn.none /var/log/messages
i've tried putting these lines everywhere in the rsyslog config; but, it just keeps logging to messages/syslog
/etc/rsyslog.conf looks like this:
local3.none;local4.none /var/log/messages
local3.none;local4.none /var/log/syslog
local3.* /var/log/firewall1.log
local4.* /var/log/firewall2.log
tried the nones above/below the facilities, tried separating them into individual lines... still logs.
and, i know rsyslog is using the config file because the localn.* are working and logging to the desired logs correctly.
what am i missing?