01-21-2003
Quote:
Originally posted by Neo
Perhaps a stupid question:
Did you kill and restart syslogd after making configuration changes to syslogd.conf?
yes, i did. everytime i alter my syslog.conf i kill and restart syslogd.
the permissions on messages and router-log are the same.
i commented out the excess lines.
i'm thinking that, the following might be an issue.
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
the "*.notice" second line, i'm assuming means that all notices, regardless of source, are to be sent to /var/log/messages.
unfortunately, i don't know the severity rating of the messages that the firewall is sending.
maybe you can help me out. a typical message looks like this:
Jan 20 20:19:08 <16.5> (806 hostname) id=firewall sn=(serial number of webramp) time="2003-01-20 20:19:07" fw=(some ip address)
pri=5 c=256 m=38 msg="ICMP packet dropped" n=2956 src==(some ip address) dst==(some ip address) rule=0^M
again, an assumption, but i think that pri=5 means priority 5, which seems to be a notification level event with the cisco router.
if this is the case, how could i redirect only FreeBSD notifications to go to messages?
i didn't get a clear indication of how to do it in the documentation? is it local0.notice or something?
Last edited by xyyz; 01-21-2003 at 06:28 AM..
10 More Discussions You Might Find Interesting
1. Linux
Hi,
I have a cisco router router and a linux box. I would like to know how to configure both the device so that everything that passes through my router gets logged in the linux box.
Also I am very much new in cisco router. Is it ok to post such question in this forum, or i need to post it... (4 Replies)
Discussion started by: RajaRC
4 Replies
2. Shell Programming and Scripting
Hi,
I have automated a build process that does the following activities.
1. check out code from cvs to a specific directory
2. build the revision checked out with 'ANT'
3. integrate the compiled code with the QA/UAT or new environment
(/apps/QA or /apps/UAT or /apps/new directory)
I... (1 Reply)
Discussion started by: yoi2hot4ya
1 Replies
3. Shell Programming and Scripting
Hi guys,
Been sifting through these forums for awhile, but never had an account or needed to post. Shoutouts to a great forum with heaps of useful info.
Now i consider myself a noob when it comes to linux and to bash scripting. I recently started to learn to use Vmware ESX server which uses... (4 Replies)
Discussion started by: ryath
4 Replies
4. Shell Programming and Scripting
Here is a snippet of code that work for me:
expect "abc" {send_log "abc found" } \
"def" {send_log "def found" } \
"123" {send_log "123 found}
however the following does not and according to the book "Exploring Expect" it should be equivalent:
expect { "abc"... (1 Reply)
Discussion started by: twk
1 Replies
5. Emergency UNIX and Linux Support
We are using the solaris server and if i am using rm -rf to delete the directories its asking the confirmation for each and every file inside the directory.Is there any way to disable ( should not ask the confirmation) only for a particular session? (12 Replies)
Discussion started by: sureshbabuc
12 Replies
6. Shell Programming and Scripting
#!/bin/bash
glist=`cat /etc/group | cut -d ":" -f1,4`
ulist=`cat /etc/passwd | cut -d ":" -f1,6`
for i in $glist
do
echo "$glist"
done
for i in $ulist
do
echo "$ulist"
done
chkgrp=`cat /etc/group | cut -d ":" -f1`
for a in chkgrp
do (4 Replies)
Discussion started by: mduduzi
4 Replies
7. UNIX for Advanced & Expert Users
Hello,
I am using Ubuntu Linux and having problems in setting up remote syslogging. Appreciate your help on this.
On the server unix host, I have made following changes.
uncommented following lines in /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
Now i am trying to run rsyslog in... (0 Replies)
Discussion started by: ravi.videla
0 Replies
8. Shell Programming and Scripting
Hi,
I do have a very simple task to divide 2 variables and display the result.
I CANNOT use bc
when i try
var1=2
var2=4
var3=$(($var1 / $var2))
echo $var3
the output is always 0
What can I change to get a dotted decimal result such as 0.5 ?
Thanks! (5 Replies)
Discussion started by: svetoslav_sj
5 Replies
9. Shell Programming and Scripting
I am converting English letters/words/punctuation in leet speak. My current script works just fine, but when I call the functions it seem to be bypassing my second function altogether. I am new to shell scripting so excuse me if its an easy fix.
Also, when using SED for whole word phrases like... (4 Replies)
Discussion started by: bri09
4 Replies
10. UNIX for Dummies Questions & Answers
Hi,
I'm having some problems with sendmail in Linux. The thing is when I type the following command to send an e-mail:
sendmail bartoszk@companydomain.pl< test.txt
it looks like it executed but I don't receive the mail. The file test.txt looks like that:
To:... (3 Replies)
Discussion started by: bartoszk
3 Replies
LEARN ABOUT V7
syslog.conf
SYSLOG.CONF(5) BSD File Formats Manual SYSLOG.CONF(5)
NAME
syslog.conf -- configuration file for syslogd(8)
DESCRIPTION
The syslog.conf file is the configuration file for the syslogd(8) program. It consists of lines with two fields: the selector field which
specifies the types of messages and priorities to which the line applies, and an action field which specifies the action to be taken if a
message syslogd receives matches the selection criteria. The selector field is separated from the action field by one or more tab or space
characters. A rule can be splitted in several lines if all lines except the last are terminated with a backslash (``'').
The Selectors function are encoded as a facility, a period (``.''), and a level, with no intervening white-space. Both the facility and the
level are case insensitive.
The facility describes the part of the system generating the message, and is one of the following keywords: auth, authpriv, cron, daemon,
kern, lpr, mail, mark, news, syslog, user, uucp and local0 through local7. These keywords (with the exception of mark) correspond to the
similar ``LOG_'' values specified to the openlog(3) and syslog(3) library routines.
The level describes the severity of the message, and is a keyword from the following ordered list (higher to lower): emerg, alert, crit, err,
warning, notice and debug. These keywords correspond to the similar (LOG_) values specified to the syslog library routine.
See syslog(3) for a further descriptions of both the facility and level keywords and their significance.
If a received message matches the specified facility and is of the specified level (or a higher level), the action specified in the action
field will be taken.
Multiple selectors may be specified for a single action by separating them with semicolon (``;'') characters. It is important to note, how-
ever, that each selector can modify the ones preceding it.
Multiple facilities may be specified for a single level by separating them with comma (``,'') characters.
An asterisk (``*'') can be used to specify all facilities or all levels.
By default, a level applies to all messages with the same or higher level. The equal (``='') character can be prepended to a level to
restrict this line of the configuration file to messages with the very same level.
An exclamation mark (``!'') prepended to a level or the asterisk means that this line of the configuration file does not apply to the speci-
fied level (and higher ones). In conjunction with the equal sign, you can exclude single levels as well.
The special facility ``mark'' receives a message at priority ``info'' every 20 minutes (see syslogd(8)). This is not enabled by a facility
field containing an asterisk.
The special level ``none'' disables a particular facility.
The action field of each line specifies the action to be taken when the selector field selects a message. There are five forms:
o A pathname (beginning with a leading slash). Selected messages are appended to the file.
You may prepend a minus (``-'') to the path to omit syncing the file after each message log. This can cause data loss at system crashes,
but increases performance for programs which use logging extensively.
o A named pipe (fifo), beginning with a vertical bar (``|'') followed by a pathname. The pipe must be created with mkfifo(8) before syslogd
reads its configuration file. This feature is especially useful fo debugging.
o A hostname (preceded by an at (``@'') sign). Selected messages are forwarded to the syslogd program on the named host.
o A comma separated list of users. Selected messages are written to those users if they are logged in.
o An asterisk. Selected messages are written to all logged-in users.
Blank lines and lines whose first non-blank character is a hash (``#'') character are ignored.
EXAMPLES
A configuration file might appear as follows:
# Log all kernel messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
*.emerg @arpa.berkeley.edu
# Root and Eric get alert and higher messages.
*.alert root,eric
# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit /var/log/spoolerr
FILES
/etc/syslog.conf The syslogd(8) configuration file.
BUGS
The effects of multiple selectors are sometimes not intuitive. For example ``mail.crit,*.err'' will select ``mail'' facility messages at the
level of ``err'' or higher, not at the level of ``crit'' or higher.
SEE ALSO
syslog(3), syslogd(8)
4.4BSD June 9, 1993 4.4BSD