2007-08-17 17:23:18

Recently I wanted to send the firewall's logs to a log server for analysis, so I worked through the syslog configuration and debugged it.
The procedure is as follows:
Edit the startup file /etc/rc.conf and add
syslogd_flags="-4 -a 192.168.0.1/24:514"
where:
    -4 - bind IPv4 only (-6 would select IPv6)
    -a 192.168.0.0/24 - accept log messages from this subnet
    :514 - specifies the UDP port number.
Edit the log configuration file /etc/syslog.conf:
local0.*      /var/log/firewall/firewall.log
Create the corresponding directory and file:
mkdir /var/log/firewall
touch /var/log/firewall/firewall.log

Stop the running syslogd process:
kill <syslogd pid>
Start it in debug mode:
/usr/sbin/syslogd -d
On the screen you will see output like this:
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....
init
cfline("local0.*                                        /var/log/firewall/firewall.log", f, "*", "*")
cfline("*.err;kern.warning;auth.notice;mail.crit                /dev/console", f, "*", "*")
cfline("*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;  /var/log/messages", f, "*", "*")
cfline("security.*                                      /var/log/security", f, "*", "*")
cfline("auth.info;authpriv.info                         /var/log/auth.log", f, "*", "*")
cfline("mail.info                                       /var/log/maillog", f, "*", "*")
cfline("lpr.info                                        /var/log/lpd-errs", f, "*", "*")
cfline("ftp.info                                        /var/log/xferlog", f, "*", "*")
cfline("cron.*                                          /var/log/cron", f, "*", "*")
cfline("*.=debug                                        /var/log/debug.log", f, "*", "*")
cfline("*.emerg                                         *", f, "*", "*")
cfline("*.*                                             /var/log/slip.log", f, "startslip", "*")
cfline("*.*                                             /var/log/ppp.log", f, "ppp", "*")
X X X X X X X X X X X X X X X X 8 X X X X X X X X FILE: /var/log/firewall/firewall.log
4 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 X 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
X X X X 6 X X X X X 6 X X X X X X X X X X X X X X FILE: /var/log/auth.log
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
X X X X X X X X X X X 6 X X X X X X X X X X X X X FILE: /var/log/xferlog
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE: /var/log/debug.log
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
logmsg: pri 56, flags 4, from logserver, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from logserver, msg syslogd: kernel boot file is /boot/kernel/kernel
Logging to FILE /var/log/messages
syslogd: kernel boot file is /boot/kernel/kernel
logmsg: pri 166, flags 17, from logserver, msg Aug 17 17:08:58 logserver syslogd: exiting on signal 15

Open another console and start testing:
1 - logger -p auth.notice "this is test!"
The debug window prints:
logmsg: pri 166, flags 17, from logserver, msg Aug 17 17:13:43 logserver root: this is test

2 - logger -p local0.notice "This message will logged to the file /var/log/firewall/firewall.log"

Check that the file /var/log/firewall/firewall.log contains this message:
    This message will logged to the file /var/log/firewall/firewall.log

Debugging complete.
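The table that syslogd -d prints after the cfline() calls above is the key to checking a rule like local0.* before any firewall traffic arrives: one column per facility (kern=0 ... local7=23), holding the lowest priority level the action accepts. The following script is an added example, not code from the post or from FreeBSD; it rebuilds that table from a syslog.conf selector and decides whether a message with a given syslog PRI value (facility * 8 + severity, as in the "pri 166" lines of the debug output) would be written. The facility numbering is FreeBSD's; the name "unused15" for column 15 is a placeholder of mine, and the '=' and '!' priority modifiers are only stripped, not modelled.

```python
# Added example, not from the original post: rebuild the per-facility table that
# `syslogd -d` prints for each syslog.conf action (lowest accepted priority level
# per facility column, 8 for '*', X for 'none') and decide whether a message with
# a given syslog PRI value (facility * 8 + severity) would be written by it.
# Numbering follows FreeBSD's <sys/syslog.h>; column 15 is unused there and gets
# a placeholder name here.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "unused15", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALLPRI = 8  # the value syslogd stores and prints for a '*' priority


def selector_table(selector):
    """Map a selector such as 'local0.*' or '*.err;kern.warning' to a list with
    one entry per facility: the lowest accepted level, or None (printed as X).
    Entries apply left to right, so 'authpriv.none' overrides an earlier '*.notice'."""
    table = [None] * len(FACILITIES)
    for entry in selector.split(";"):
        facs, _, pri = entry.rpartition(".")
        pri = pri.lstrip("=!")  # '=' (exact) / '!' (negated): level kept, comparator not modelled
        if pri == "none":
            level = None
        elif pri == "*":
            level = ALLPRI
        else:
            level = PRIORITIES.index(pri)  # ValueError for an unknown priority name
        for name in (FACILITIES if facs == "*" else facs.split(",")):
            table[FACILITIES.index(name)] = level
    return table


def format_row(table):
    """Render the table in the layout of the `syslogd -d` dump."""
    return " ".join("X" if level is None else str(level) for level in table)


def accepts(table, pri):
    """True if an action with this table would log a message carrying PRI `pri`."""
    facility, severity = pri >> 3, pri & 7
    if facility >= len(table) or table[facility] is None:
        return False
    return table[facility] == ALLPRI or severity <= table[facility]


if __name__ == "__main__":
    # The post's firewall rule and the stock console rule, as syslogd -d shows them.
    for sel, action in [("local0.*", "/var/log/firewall/firewall.log"),
                        ("*.err;kern.warning;auth.notice;mail.crit", "/dev/console")]:
        print(format_row(selector_table(sel)), "FILE:", action)
```

Running it reproduces the first 24 columns of the firewall.log and /dev/console rows above, and accepts(selector_table("local0.*"), 16 * 8 + 5) confirms that the logger -p local0.notice test lands in the firewall log while auth.notice does not.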
