Date: Mon, 24 Jun 2013 09:28:52 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: auth.notice on syslog server Message-ID: <CAHu1Y70o4znN5kJ6q7tRcoQCpoVpCHv2=9gJxEVQu3Dyq0YarA@mail.gmail.com> In-Reply-To: <A3876859FBFA134BBEB7A9ADE583EC1D1F9472EED5@SPR-EXC01.onprvp.fgov.be> References: <A3876859FBFA134BBEB7A9ADE583EC1D1F9472EED5@SPR-EXC01.onprvp.fgov.be>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 24, 2013 at 5:35 AM, SWENNEN Rudi
<Rudi.SWENNEN@onprvp.fgov.be> wrote:
> Hello FreeBSD-list,
>
> I have the following two freebsd systems/servers: a server and a client. The syslog of the client is send to the server.
> I was wondering why the auth.notice entry on my server is generating a syslog entry (/dev/console) when I change to root on the client:
> Jun 24 12:01:38 SERVER kernel: Jun 24 12:00:32 CLIENT su: rudi to root on /dev/ttyv0
>
> Is there a way to "limit" the auth-facility not to log via syslog if the entry in generated from a remote system?
Yes, on the host that sends the logs.
E.g.,
auth.*,authpriv.*: /var/log/auth
console.*,cron.*,daemon.*,kern.*,mail.*,ntp.*,security.*,syslog.*,user.*,local.*:
@loghost
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHu1Y70o4znN5kJ6q7tRcoQCpoVpCHv2=9gJxEVQu3Dyq0YarA>