Unix/Linux Go Back    


BSD BSD, sometimes called Berkeley Unix, is a Unix operating system developed by the Computer Systems Research Group of the UC Berkeley.

Syslog.conf issue

BSD


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 10-25-2013
jnojr's Unix or Linux Image
jnojr jnojr is offline
Registered User
 
Join Date: Feb 2012
Last Activity: 3 January 2017, 12:27 PM EST
Location: San Diego, CA
Posts: 68
Thanks: 3
Thanked 2 Times in 2 Posts
Syslog.conf issue

I'm trying to get all ipfw logs going to ipfw.log I've managed that, but ipfw.log is also getting stuff that shows up in system.log


Code:
!-ipfw
*.notice;authpriv,remoteauth,ftp,install,internal.none  /var/log/system.log
kern.*                                                  /var/log/kernel.log

# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit            /dev/tty.serial

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
auth.info;authpriv.*;remoteauth.crit                    /var/log/secure.log

lpr.info                                                /var/log/lpr.log
mail.*                                                  /var/log/mail.log
ftp.*                                                   /var/log/ftp.log
install.*                                               /var/log/install.log
install.*                                               @127.0.0.1:32376
local0.*                                                /var/log/appfirewall.log

*.emerg                                                 *

!ipfw
*.*                                                     /var/log/ipfw.log

I've seen various examples with a !* at the end, or before !ipfw, or after the system.log line, but none seem to work.
Sponsored Links
    #2  
Old Unix and Linux 11-07-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 1 February 2016, 3:35 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,673
Thanks: 8
Thanked 587 Times in 560 Posts
Yes, syslog can send the same message to many files. Each file has to filter for itself.
Sponsored Links
    #3  
Old Unix and Linux 11-07-2013
jnojr's Unix or Linux Image
jnojr jnojr is offline
Registered User
 
Join Date: Feb 2012
Last Activity: 3 January 2017, 12:27 PM EST
Location: San Diego, CA
Posts: 68
Thanks: 3
Thanked 2 Times in 2 Posts
Quote:
Originally Posted by DGPickett View Post
Yes, syslog can send the same message to many files. Each file has to filter for itself.
Sorry, I'm not grokking what you're saying Linux
    #4  
Old Unix and Linux 11-07-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 1 February 2016, 3:35 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,673
Thanks: 8
Thanked 587 Times in 560 Posts
If one log file gets *.* then it will capture all the messages in other files. This allows files with varying levels of detail.

http://www.howtoforge.com/syslog-bet...gging-tutorial

Last edited by DGPickett; 11-07-2013 at 04:11 PM..
Sponsored Links
    #5  
Old Unix and Linux 11-07-2013
jnojr's Unix or Linux Image
jnojr jnojr is offline
Registered User
 
Join Date: Feb 2012
Last Activity: 3 January 2017, 12:27 PM EST
Location: San Diego, CA
Posts: 68
Thanks: 3
Thanked 2 Times in 2 Posts
Quote:
Originally Posted by DGPickett View Post
If one log file gets *.* then it will capture all the messages in other files. This allows files with varying levels of detail.
Still not following.

AFAIK, the "!-ipfw" is saying, "Anything but ipfw logs" And then, at the bottom, "!ipfw" would be, "OK, start worrying about those logs again"

The last line to log *.* to ipfw.log works the way I would expect… only ipfw logs are left, so *.* goes to ipfw.log and all is well. My issue is that the ipfw logs are also showing up in system.log. I'm probably not understanding exactly what the "!-ipfw" and "!ipfw" are doing, but I haven't found any docs that specifically talk about them, only vague references.
Sponsored Links
    #6  
Old Unix and Linux 11-11-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 1 February 2016, 3:35 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,673
Thanks: 8
Thanked 587 Times in 560 Posts
The config is message-centric, the sections are just for organization. Levels of detail always include coarser levels: http://www.freebsd.org/cgi/man.cgi?q...conf&sektion=5

The comparison flags may be used to specify exactly what is logged. The default comparison is "=>" (or, if you prefer, ">="), which means that messages from the specified facility list, and of a priority level equal to or greater than level will be logged. Comparison flags beginning with "!" will have their logical sense inverted. Thus "!=info" means all levels except info and "!notice" has the same meaning as "<notice".
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Configuring syslog.conf manoj.solaris Red Hat 2 01-31-2013 02:56 AM
Issue on resolv.conf Pradipta Kumar Red Hat 3 01-11-2013 02:44 AM
syslog.conf g0dlik3 Shell Programming and Scripting 1 11-27-2011 04:20 PM
syslog-ng.conf Tornado Solaris 5 11-18-2008 06:20 AM
syslog.conf soliberus Red Hat 1 08-11-2006 07:44 AM



All times are GMT -4. The time now is 11:56 AM.