From owner-freebsd-questions  Sun Sep 20 06:44:25 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA26543
          for freebsd-questions-outgoing; Sun, 20 Sep 1998 06:44:25 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from lucy.bedford.net (lucy.bedford.net [206.99.145.54])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA26538
          for <freebsd-questions@FreeBSD.ORG>; Sun, 20 Sep 1998 06:44:21 -0700 (PDT)
          (envelope-from listread@lucy.bedford.net)
Received: (from listread@localhost)
	by lucy.bedford.net (8.8.8/8.8.8) id JAA03997;
	Sun, 20 Sep 1998 09:26:20 -0400 (EDT)
	(envelope-from listread)
Message-Id: <199809201326.JAA03997@lucy.bedford.net>
Subject: Re: 2nd try + update:  whats wrong with this sylog.conf?
In-Reply-To: <004301bde319$d3d54960$0cf896d0@work2.insolwwb.net> from Mike Grommet at "Sep 18, 98 10:34:30 am"
To: mgrommet@insolwwb.net (Mike Grommet)
Date: Sun, 20 Sep 1998 09:26:20 -0400 (EDT)
Cc: freebsd-questions@FreeBSD.ORG
X-notice: Copyright (C) 1998, by the author, "Woodchuck" djv@bedford.net
X-notice: All rights reserved.
X-no-archive: yes
Reply-to: djv@bedford.net
From: "Woodchuck"  <djv@bedford.net>
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mike Grommet wrote:
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> I did recently install tcp_wrappers, but I've tried this with both the
> pre-tcp_wrapper inetd.conf file
> and the current one, and still did the same thing.

Not relevant. tcp_wrapper uses LOG_AUTH, syslogd is not tcp_wrapped,
or inetd'd, for that matter. You're not starting it with inetd, I hope.

> here's the conf file.  Despite my cut and paste here, there really are tabs
> between the lhs and the rhs...

It's better to 'attach' or uuencode.  It is not just the presence
of tabs, but also an absence of spaces, ^M's ^L's etc, that matters.
syslogd looks explicitly for a run of tabs as delimiter.

> Heck I even copied this off of a working bsdi 3.1 machine that works fine...
> still didnt work for me.
> the /var/log/secure file has been created and has permissions
> ->rw-------  1 root  bin        0 Sep 17 11:01 secure

All that matters is that the file exist and be accessible by root.
The comments in the distribution source syslog.conf are misleading
on this and other points.

You are starting syslogd as root, I hope :) Otherwise, we have an answer.

> Also, when I put my syslogd into debug mode, it never says anything about
> logging into /var/log/secure...

Yes, it does.

> so what have I missed here?
> 
> 
> ----- START OF CONF ----- This is a simple conf file, but doesnt work....
> 
> *.err;kern.*;auth.notice;authpriv.none;mail.crit        /dev/console
> kern.*;auth.notice;authpriv.none;mail.crit        /dev/console
> *.notice;authpriv,ftp,uucp,cron,news.none;kern.debug;mail.crit
> /var/log/messages
> authpriv.*            /var/log/secure
> lpr.info                /var/log/lpd-errs
> mail.*                  /var/log/maillog
> uucp.*                 /var/spool/uucp/errors
> cron.*                  /var/log/cron
> ftp.*                   /var/log/ftp.log
> daemon.*                /var/log/daemon.log
> *.emerg                 *
> *.notice;auth.debug;authpriv.none       root
> 
> --- END OF CONF -----
> 
> 
> here is the syslogd -d output....

This is only some of the output; it would be more interesting to
see what comes forth when authpriv is exercised.

> 8 3 2 3 5 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
> 8 X 2 X 5 X X X X X X X X X X X X X X X X X X X X CONSOLE: /dev/console
> 7 5 2 5 5 5 5 X X X X X 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
> X X X X X X X X X X 8 X X X X X X X X X X X X X X FILE: /var/log/secure

This is the correct output.

> X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
> X X 8 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
> X X X X X X X X 8 X X X X X X X X X X X X X X X X UNUSED:
> X X X X X X X X X 8 X X X X X X X X X X X X X X X UNUSED:
> X X X X X X X X X X X 8 X X X X X X X X X X X X X FILE: /var/log/ftp.log
> X X X 8 X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/daemon.log
> 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
> 5 5 5 5 7 5 5 5 5 5 X 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
> logmsg: pri 56, flags 4, from backup, msg syslogd: restart
> syslogd: restarted

I have appended a syslog.conf that is correct and works on 2.2.6R.

To exercise the LOG_AUTHPRIV facility, use logger(1) like so:

        logger -p authpriv.info Some happy message to log

syslogd won't log any messages unless told to. It is instructive to
use logger as in the example, observing the output of syslogd -d,
and following /var/log/secure with tail -f.

Dave
-- 

begin 644 syslog.conf
M*BYE<G([:V5R;BXJ.V%U=&@N;F]T:6-E.V%U=&AP<FEV+FYO;F4[;6%I;"YC
M<FET"2]D978O8V]N<V]L90IK97)N+BH[875T:"YN;W1I8V4[875T:'!R:78N
M;F]N93MM86EL+F-R:70)+V1E=B]C;VYS;VQE"BHN;F]T:6-E.V%U=&AP<FEV
M+&9T<"QU=6-P+&-R;VXL;F5W<RYN;VYE.VME<FXN9&5B=6<[;6%I;"YC<FET
M"B]V87(O;&]G+VUE<W-A9V5S"F%U=&AP<FEV+BH)+W9A<B]L;V<O<V5C=7)E
M"FQP<BYI;F9O"2]V87(O;&]G+VQP9"UE<G)S"FUA:6PN*@DO=F%R+VQO9R]M
M86EL;&]G"G5U8W`N*@DO=F%R+W-P;V]L+W5U8W`O97)R;W)S"F-R;VXN*@DO
M=F%R+VQO9R]C<F]N"F9T<"XJ"2]V87(O;&]G+V9T<"YL;V<*9&%E;6]N+BH)
M+W9A<B]L;V<O9&%E;6]N+FQO9PHJ+F5M97)G"2H**BYN;W1I8V4[875T:"YD
896)U9SMA=71H<')I=BYN;VYE"7)O;W0*
`
end


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message