Date: Mon, 7 Apr 1997 09:03:41 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: brian@awfulhak.org, brian@utell.co.uk Cc: freebsd-hackers@FreeBSD.org Subject: Re: syslogd watching other machine(s) Message-ID: <199704071603.JAA29943@phaeton.artisoft.com> In-Reply-To: <199704071306.OAA10803@utell.co.uk> from "Brian Somers" at Apr 7, 97 02:06:51 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Hi! I have several Unix machines (FreeBSD and Irix), which I'd like > > to set up to watch for other machine's log entries. Say, rtfm will > > log aldan's messages and aldan will log rtfm's messages. > > > > Unfortunately, simply modifying /etc/syslogd.conf to send things to > > @another_host on both system, causes cascades of messages: rtfm sends > > the message to aldan, which bounces it back to rtfm right away. > > Then, rtfm passes it to aldan again, and so on... syslogd has to be > > restarted... > > > > The only solution I see for this, is to run two syslogd-s on each machine. > > With different config files. One will send local messages out (run in > > "safe" mode), another one -- logging remote messages. > > > > Can anyone think of a single process solution? Thanks! > > > > I think, syslogd has to have an option to operate in intelligent > > mode -- recognise when the incoming message is about the localhost > > and not log it (or, at least, not propagate it). > > The problem with the two-process thing is that currently, I expect > syslog will only write to the remote port that it listens to locally. > > I think a "[port]@machine" option for the config file would solve > this - you'd still need two syslogd processes. > > Does anyone on hackers (cc'd there) have any comments/observations ? Why are messages that come in from a non-local source being resent? If a machine is the loghost for another machine, it should not be permitted to delegate. If this is implemented, messages will not multihop, and the problem will go away without needing multiple processes or port options. Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704071603.JAA29943>