Full Discussion: syslogging issues
Top Forums UNIX for Advanced & Expert Users syslogging issues Post 33821 by xyyz on Monday 20th of January 2003 11:29:39 PM
Old 01-21-2003
Quote:
Originally posted by Neo
Perhaps a stupid question:

Did you kill and restart syslogd after making configuration changes to syslogd.conf?

yes, i did. every time i alter my syslog.conf i kill and restart syslogd.

the permissions on messages and router-log are the same.

i commented out the excess lines.

i'm thinking that, the following might be an issue.


*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages


the "*.notice" second line, i'm assuming means that all notices, regardless of source, are to be sent to /var/log/messages.

unfortunately, i don't know the severity rating of the messages that the firewall is sending.

maybe you can help me out. a typical message looks like this:

Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of webramp) time="2003-01-20 20:19:07" fw=(some ip address) pri=5 c=256 m=38 msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip address) rule=0^M

again, an assumption, but i think that pri=5 means priority 5, which seems to be a notification level event with the cisco router.

if this is the case, how could i redirect only FreeBSD notifications to go to messages?

i didn't get a clear indication of how to do it in the documentation? is it local0.notice or something?

Last edited by xyyz; 01-21-2003 at 06:28 AM..
 

SYSLOG.CONF(5)              BSD File Formats Manual              SYSLOG.CONF(5)

NAME
     syslog.conf -- configuration file for syslogd(8)

DESCRIPTION
     The syslog.conf file is the configuration file for the syslogd(8)
     program. It consists of lines with two fields: the selector field, which
     specifies the types of messages and priorities to which the line applies,
     and an action field, which specifies the action to be taken if a message
     syslogd receives matches the selection criteria. The selector field is
     separated from the action field by one or more tab or space characters.
     A rule can be split across several lines if all lines except the last
     are terminated with a backslash (``\'').

     Selectors are encoded as a facility, a period (``.''), and a level, with
     no intervening white-space. Both the facility and the level are case
     insensitive.

     The facility describes the part of the system generating the message, and
     is one of the following keywords: auth, authpriv, cron, daemon, kern,
     lpr, mail, mark, news, syslog, user, uucp and local0 through local7.
     These keywords (with the exception of mark) correspond to the similar
     ``LOG_'' values specified to the openlog(3) and syslog(3) library
     routines.

     The level describes the severity of the message, and is a keyword from
     the following ordered list (higher to lower): emerg, alert, crit, err,
     warning, notice and debug. These keywords correspond to the similar
     (LOG_) values specified to the syslog library routine.

     See syslog(3) for further descriptions of both the facility and level
     keywords and their significance.

     If a received message matches the specified facility and is of the
     specified level (or a higher level), the action specified in the action
     field will be taken.

     Multiple selectors may be specified for a single action by separating
     them with semicolon (``;'') characters. It is important to note, however,
     that each selector can modify the ones preceding it.

     Multiple facilities may be specified for a single level by separating
     them with comma (``,'') characters.

     An asterisk (``*'') can be used to specify all facilities or all levels.

     By default, a level applies to all messages with the same or higher
     level. The equal (``='') character can be prepended to a level to
     restrict this line of the configuration file to messages with the very
     same level.

     An exclamation mark (``!'') prepended to a level or the asterisk means
     that this line of the configuration file does not apply to the specified
     level (and higher ones). In conjunction with the equal sign, you can
     exclude single levels as well.

     The special facility ``mark'' receives a message at priority ``info''
     every 20 minutes (see syslogd(8)). This is not enabled by a facility
     field containing an asterisk.

     The special level ``none'' disables a particular facility.

     The action field of each line specifies the action to be taken when the
     selector field selects a message. There are five forms:

     o   A pathname (beginning with a leading slash). Selected messages are
         appended to the file. You may prepend a minus (``-'') to the path to
         omit syncing the file after each message log. This can cause data
         loss at system crashes, but increases performance for programs which
         use logging extensively.

     o   A named pipe (fifo), beginning with a vertical bar (``|'') followed
         by a pathname. The pipe must be created with mkfifo(8) before syslogd
         reads its configuration file. This feature is especially useful for
         debugging.

     o   A hostname (preceded by an at (``@'') sign). Selected messages are
         forwarded to the syslogd program on the named host.

     o   A comma separated list of users. Selected messages are written to
         those users if they are logged in.

     o   An asterisk. Selected messages are written to all logged-in users.

     Blank lines and lines whose first non-blank character is a hash (``#'')
     character are ignored.

EXAMPLES
     A configuration file might appear as follows:

     # Log all kernel messages, authentication messages of
     # level notice or higher and anything of level err or
     # higher to the console.
     # Don't log private authentication messages!
     *.err;kern.*;auth.notice;authpriv.none  /dev/console

     # Log anything (except mail) of level info or higher.
     # Don't log private authentication messages!
     *.info;mail.none;authpriv.none          /var/log/messages

     # The authpriv file has restricted access.
     authpriv.*                              /var/log/secure

     # Log all the mail messages in one place.
     mail.*                                  /var/log/maillog

     # Everybody gets emergency messages, plus log them on another
     # machine.
     *.emerg                                 *
     *.emerg                                 @arpa.berkeley.edu

     # Root and Eric get alert and higher messages.
     *.alert                                 root,eric

     # Save mail and news errors of level err and higher in a
     # special file.
     uucp,news.crit                          /var/log/spoolerr

FILES
     /etc/syslog.conf  The syslogd(8) configuration file.

BUGS
     The effects of multiple selectors are sometimes not intuitive. For
     example ``mail.crit,*.err'' will select ``mail'' facility messages at the
     level of ``err'' or higher, not at the level of ``crit'' or higher.

SEE ALSO
     syslog(3), syslogd(8)

4.4BSD                           June 9, 1993                           4.4BSD
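
Added example (not part of the forum post or of the manual page): a small Python model of the selector rules described in the manual above, applied to the two rules and the sample message quoted in the post. It assumes that the <16.5> field in that message is a numeric facility.severity pair (16 = local0, 5 = notice) and that a later selector naming the same facility replaces the earlier one; the function names and the /var/log/router-log path are hypothetical.

```python
import re

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FAC_BY_NUM = dict(enumerate(["kern", "user", "mail", "daemon", "auth", "syslog",
                             "lpr", "news", "uucp", "cron", "authpriv"]))
FAC_BY_NUM.update({16 + i: f"local{i}" for i in range(8)})

# The two rules quoted in the post, and its sample message (shortened).
CONSOLE_RULE = "*.err;kern.debug;auth.notice;mail.crit /dev/console"
MESSAGES_RULE = "*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages"
SAMPLE = 'Jan 20 20:19:08 <16.5> (806 hostname) id=firewall pri=5 msg="ICMP packet dropped"'

def decode_tag(line):
    """Return (facility name, severity number) from a '<fac.sev>' tag, or None."""
    m = re.search(r"<(\d+)\.([0-7])>", line)
    return (FAC_BY_NUM.get(int(m.group(1))), int(m.group(2))) if m else None

def allowed_levels(selector_field, facility):
    """Severity numbers of `facility` that the selector field lets through."""
    allowed = set()
    for selector in selector_field.lower().split(";"):
        names, _, level = selector.strip().partition(".")
        if not {"*", facility} & set(names.split(",")):
            continue                       # selector does not name this facility
        if level == "none":
            allowed = set()
            continue
        negate, level = level.startswith("!"), level.lstrip("!")
        exact, level = level.startswith("="), level.lstrip("=")
        if level == "*":
            span = set(range(len(LEVELS)))
        else:
            n = LEVELS.index(level)        # ValueError on an unknown level name
            span = {n} if exact else set(range(n + 1))
        # Assumption: a later selector replaces the earlier one; '!' subtracts.
        allowed = allowed - span if negate else span
    return allowed

def selects(rule, facility, severity):
    """True if the rule line (selector field + action) selects the message."""
    return severity in allowed_levels(rule.split()[0], facility)

if __name__ == "__main__":
    fac, sev = decode_tag(SAMPLE)
    for rule in (CONSOLE_RULE, MESSAGES_RULE, "local0.notice /var/log/router-log"):
        print(f"{fac}.{LEVELS[sev]} -> {rule.split()[-1]}: {selects(rule, fac, sev)}")
```

Under these assumptions the sample message is selected by the *.notice rule for /var/log/messages but not by the console rule, and a dedicated local0.notice rule would select it as well.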