From owner-freebsd-questions@FreeBSD.ORG  Sat Aug 23 17:13:58 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E8941106567D
	for <questions@freebsd.org>; Sat, 23 Aug 2008 17:13:58 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227])
	by mx1.freebsd.org (Postfix) with ESMTP id 3CD8A8FC24
	for <questions@freebsd.org>; Sat, 23 Aug 2008 17:13:57 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
	by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id m7NGfxhf000722
	for <questions@freebsd.org>; Sun, 24 Aug 2008 02:42:00 +1000 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Sun, 24 Aug 2008 02:41:59 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: questions@freebsd.org
Message-ID: <20080824020347.R99986@sola.nimnet.asn.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: 
Subject: diverting (some) log_in_vain messages
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Aug 2008 17:13:59 -0000

Which syslog facility.level is used for {tcp,udp}.log_in_vain messages?

I want to see these as a rule, especially now while tuning a new system 
and firewall, but since running sendmail in earnest (even on our small 
scale) there are times when poor old /var/log/messages is rapidly losing 
much utility, being spammed by a) local resolver retries (lame servers 
and such) and b) connection attempts beyond sendmail's (low) set limits.

These have been very useful for tuning the sendmail timeouts for a small 
server to drastically reduce these, but I've seen enough for now ..

So I'd like to parse just log_in_vain messages, dumping the trivia to 
another file yet allowing the unexpected, more interesting stuff to go 
to /var/log/messages as usual, or to another file if that's a problem.

Any hints or howtos welcome, even RT(which?)FS ..

cheers, Ian  (please cc me, I'm only subscribed to the -digest)