Syslog.conf issue


 
Thread Tools Search this Thread
Operating Systems BSD Syslog.conf issue
# 1  
Old 10-25-2013
Syslog.conf issue

I'm trying to get all ipfw logs going to ipfw.log I've managed that, but ipfw.log is also getting stuff that shows up in system.log

Code:
!-ipfw
*.notice;authpriv,remoteauth,ftp,install,internal.none  /var/log/system.log
kern.*                                                  /var/log/kernel.log

# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit            /dev/tty.serial

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
auth.info;authpriv.*;remoteauth.crit                    /var/log/secure.log

lpr.info                                                /var/log/lpr.log
mail.*                                                  /var/log/mail.log
ftp.*                                                   /var/log/ftp.log
install.*                                               /var/log/install.log
install.*                                               @127.0.0.1:32376
local0.*                                                /var/log/appfirewall.log

*.emerg                                                 *

!ipfw
*.*                                                     /var/log/ipfw.log

I've seen various examples with a !* at the end, or before !ipfw, or after the system.log line, but none seem to work.
# 2  
Old 11-07-2013
Yes, syslog can send the same message to many files. Each file has to filter for itself.
# 3  
Old 11-07-2013
Quote:
Originally Posted by DGPickett
Yes, syslog can send the same message to many files. Each file has to filter for itself.
Sorry, I'm not grokking what you're saying Smilie
# 4  
Old 11-07-2013
If one log file gets *.* then it will capture all the messages in other files. This allows files with varying levels of detail.

http://www.howtoforge.com/syslog-bet...gging-tutorial

Last edited by DGPickett; 11-07-2013 at 05:11 PM..
# 5  
Old 11-07-2013
Quote:
Originally Posted by DGPickett
If one log file gets *.* then it will capture all the messages in other files. This allows files with varying levels of detail.
Still not following.

AFAIK, the "!-ipfw" is saying, "Anything but ipfw logs" And then, at the bottom, "!ipfw" would be, "OK, start worrying about those logs again"

The last line to log *.* to ipfw.log works the way I would expect... only ipfw logs are left, so *.* goes to ipfw.log and all is well. My issue is that the ipfw logs are also showing up in system.log. I'm probably not understanding exactly what the "!-ipfw" and "!ipfw" are doing, but I haven't found any docs that specifically talk about them, only vague references.
# 6  
Old 11-11-2013
The config is message-centric, the sections are just for organization. Levels of detail always include coarser levels: http://www.freebsd.org/cgi/man.cgi?q...conf&sektion=5

The comparison flags may be used to specify exactly what is logged. The default comparison is "=>" (or, if you prefer, ">="), which means that messages from the specified facility list, and of a priority level equal to or greater than level will be logged. Comparison flags beginning with "!" will have their logical sense inverted. Thus "!=info" means all levels except info and "!notice" has the same meaning as "<notice".
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Which are the available entries to forward syslog in syslog.conf?

Hi Community Which are the available entries to forward syslog in syslog.conf i have put *.err;kern.debug;daemon.notice;mail.crit;user.alert;user.emerg;kern.notice;auth.notice;kern.warning @172.16.200.50 and it's not going through.giving error message like below: syslogd:... (2 Replies)
Discussion started by: bentech4u
2 Replies

2. HP-UX

HPUX nsswitch.conf issue

Hi all, There wasn't nsswitch.conf file in my HPUX server. So I copied /etc/nsswitch.files to /etc/nsswitch.conf and changed the content like below. passwd: compat group: compat hosts: files dns nis ipnodes: dns files services: nis files networks: nis... (2 Replies)
Discussion started by: sembii
2 Replies

3. UNIX for Dummies Questions & Answers

DNS server - /etc/resolv.conf file issue

Hi, Am trying to configure DNS server and trying to keep the information in /etc/resolv.conf file as: search server nameserver 192.168.0.10 when i restart the network service with #service network restart, resolv.conf file is changing as: nameserver 192.168.0.10 search server -... (5 Replies)
Discussion started by: raosr020
5 Replies

4. Red Hat

Issue on resolv.conf

Hi all, :( I am facing issue while I have updated in resolv.conf, after nework service restart, it was automatically deleted IP from resolv.conf file. Could you please let me know what is the reason resolv.conf deleted any IP which I have manually updated, but it store only my router IP... (3 Replies)
Discussion started by: Pradipta Kumar
3 Replies

5. Solaris

best configuration for syslog.conf

I would like to configure the syslog.conf to have a good monitoring information about my system. do you have any idea about best configuration from your experience in your Data Centers BR, (5 Replies)
Discussion started by: maxim42
5 Replies

6. Shell Programming and Scripting

syslog.conf

How can i configure messages with warn priority to be logged in /var/log/mywarnings.log ? (1 Reply)
Discussion started by: g0dlik3
1 Replies

7. UNIX for Advanced & Expert Users

Modifying syslog.conf

I have a RHEL box that I want to be the loghost for all of the other systems on my network and have set up a /logs partitions to hold all of the logs. I've also created a file called current.log that will contain daily logs and created it using the following command: cp /dev/null current.log. ... (4 Replies)
Discussion started by: goose25
4 Replies

8. Solaris

syslog-ng.conf

Has anyone here configured a central syslog server using syslog-ng ? I have set one up and I'm trying to tune the syslog-ng.conf file, both for the server and the client. I have found lots of linux example files, but not much on Solaris which is slightly different. So if you have a Solaris... (5 Replies)
Discussion started by: Tornado
5 Replies

9. Red Hat

syslog.conf

Hi all I have a RedHat Linux AS2.1 server that keep crashing/rebooting and there are no messages in the /var/log/messages file pointing to any problems. I had a look at the /etc/syslog.conf file to see what gets logged to /var/log/messages, but I don't know what else to add. Can anyone tell me... (1 Reply)
Discussion started by: soliberus
1 Replies

10. UNIX for Dummies Questions & Answers

Apache httpd.conf <VirtualHost> issue

I have just configured httpd.conf on a new Redhat 9 install. Below are my additions to httpd.conf. Everything works fine except that when typing http://spetnik.d2g.com into my web browser, I am sent to the "Default catch all" site. Any clues? NameVirtualHost *:80 #Default catch all ... (5 Replies)
Discussion started by: Spetnik
5 Replies
Login or Register to Ask a Question