syslog


 
# 8  
Old 08-29-2006
Well, looks like my /etc/hosts is different than the box that is working. I didn't clarify myself earlier; basically mail messages are not being sent to /var/log/syslog... it's a zero-length file. On the box that is not working, loghost is not on the same line as the hostname of the machine. Which I think I did, because I believe this leaves you open to a denial of service attack. I thought this allowed you to be a syslog server, and thus other machines could send you syslog messages... so in order to resolve this, could I take out the loghost reference in /etc/syslog.conf?


mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
# 9  
Old 08-29-2006
Yes, you can just put them in the same format as any of the other things that go directly to files.

Do you have a loghost defined in /etc/inet/hosts? If so does it have the same ip as the line with hostname? If you answered yes to both then it should be working.
# 10  
Old 08-29-2006
Quote:
Originally Posted by reborg
Yes, you can just put them in the same format as any of the other things that go directly to files.

Do you have a loghost defined in /etc/inet/hosts? If so does it have the same ip as the line with hostname? If you answered yes to both then it should be working.
No, I don't have loghost defined in /etc/inet/hosts... I read that leaves you open to a DoS attack.... I thought if you didn't have a loghost defined, it would write to the local host....
# 11  
Old 08-29-2006
So I believe if I take the loghost entry out of /etc/hosts and then alter the mail line in syslog.conf to look like this... I should be OK

mail.debug /var/log/syslog

Anyone think this is a bad idea?
# 12  
Old 08-29-2006
Quote:
Originally Posted by csaunders
Well, I'm assuming the syslog daemon writes to syslog... I don't think syslog messages are being sent elsewhere, let me verify..
Actually I meant what program are you expecting to write to /var/log/syslog (I got it with a followup message).

Carl

Last edited by BOFH; 08-29-2006 at 09:20 PM..
# 13  
Old 08-29-2006
Quote:
Originally Posted by csaunders
No, I don't have loghost defined in /etc/inet/hosts... I read that leaves you open to a DoS attack.... I thought if you didn't have a loghost defined, it would write to the local host....
What's in your /etc/inet/hosts file shouldn't affect inbound connections. If syslog is running then you're listening on udp 601. Do a netstat -a | grep syslog and you'll likely see a syslog udp service (or grep for 601). If you define loghost on one system as any other system that's running syslogd and nothing's blocking access, you'll log info to that server (also assuming the facility is set up to log the incoming logs of course).

And yeah, as long as you're not sending info to another server, it should log locally.

Carl
# 14  
Old 08-29-2006
Quote:
Originally Posted by csaunders
So I believe if I take the loghost entry out of /etc/hosts and then alter the mail line in syslog.conf to look like this... I should be OK

mail.debug /var/log/syslog

Anyone think this is a bad idea?
I know that on some syslog implementations you can use spaces to separate the facility from the log. On Solaris (at least Solaris 6, which was the last time I worked with a syslog dedicated server), you must have only tabs between the facility and the log file name.

I just checked OS X, Mandrake Linux and OpenBSD and all use tabs.

Make sure the file exists before you restart syslog (yeah, I saw your earlier post that said it was zero bytes, just a note for the folks at home).

Again, you might try using logger:

logger -p mail.debug -t testing "Testing to see if syslog is really working."

If you have an existing entry, you can replace mail.debug with one of those facilities and check that log. Basically make sure syslog itself is working so you know what you're trying to fix. Perhaps your mail program isn't configured to log to mail.debug (need to increase a debug level for example).

Carl
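
An added example, not part of any post in this thread: a small sh lint for the two things the replies point at, whether each syslog.conf entry has a tab between selector and action, and whether the hosts file puts loghost on the same IP as the machine's own hostname. The function names, the hostname mailbox1, the 192.0.2.x addresses and the file contents are assumptions made up for the example.

```shell
#!/bin/sh
# Added example; all file contents below are constructed sample data.

# Print "LINENO: text" for each syslog.conf entry whose selector and action
# are not separated by whitespace that contains at least one tab.
conf_missing_tab() {    # $1 = path to syslog.conf
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")
            match($0, /^[^ \t]+/); rest = substr($0, RLENGTH + 1)
            match(rest, /^[ \t]+/); sep = substr(rest, 1, RLENGTH)
            if (index(sep, "\t") == 0) print NR ": " $0
        }' "$1"
}

# Where does the "loghost" alias point relative to this machine's own
# hosts entry: "local" (same IP), "remote" (other IP) or "undefined".
loghost_status() {      # $1 = hosts file, $2 = this machine's hostname
    awk -v host="$2" '
        { sub(/#.*/, "") }                   # drop comments
        NF < 2 { next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i == host && host_ip == "") host_ip = $1
                if ($i == "loghost" && log_ip == "") log_ip = $1
            }
        }
        END {
            if (log_ip == "") print "undefined"
            else if (log_ip == host_ip) print "local"
            else print "remote"
        }' "$1"
}

make_samples() {        # $1 = directory to fill with constructed files
    {
        printf '%s\t%s\n' '*.err;kern.debug' '/var/adm/messages'
        printf '%s\t%s\n' 'mail.debug' "ifdef(\`LOGHOST', /var/log/syslog, @loghost)"
        printf '%s %s\n'  'mail.debug' '/var/log/syslog'    # space, no tab
    } > "$1/syslog.conf"
    printf '127.0.0.1 localhost\n192.0.2.10 mailbox1\n' > "$1/hosts.before"
    printf '127.0.0.1 localhost\n192.0.2.10 mailbox1 loghost\n' > "$1/hosts.after"
}

dir=$(mktemp -d) && make_samples "$dir" || exit 1
conf_missing_tab "$dir/syslog.conf"
echo "before: $(loghost_status "$dir/hosts.before" mailbox1)"
echo "after:  $(loghost_status "$dir/hosts.after" mailbox1)"
rm -rf "$dir"
```

With the ifdef line quoted in the thread, "local" is the case where the /var/log/syslog branch applies; "remote" or "undefined" means the entry falls through to @loghost instead of the local file.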