From owner-freebsd-questions Mon Jul 31 11:28:11 2000 Delivered-To: freebsd-questions@freebsd.org Received: from rm-rstar.sfu.ca (rm-rstar.sfu.ca [142.58.120.21]) by hub.freebsd.org (Postfix) with ESMTP id A649C37B857 for ; Mon, 31 Jul 2000 11:28:01 -0700 (PDT) (envelope-from vanepp@sfu.ca) Received: from fraser.sfu.ca (vanepp@fraser.sfu.ca [142.58.101.25]) by rm-rstar.sfu.ca (8.10.1/8.10.1/SFU-5.0H) with ESMTP id e6VIRt328827 for ; Mon, 31 Jul 2000 11:27:55 -0700 (PDT) From: Peter Van Epp Received: (from vanepp@localhost) by fraser.sfu.ca (8.9.2/8.9.2/SFU-5.0C) id LAA01738 for questions@FreeBSD.org; Mon, 31 Jul 2000 11:27:55 -0700 (PDT) Message-Id: <200007311827.LAA01738@fraser.sfu.ca> Subject: syslogd -s -a xxx on 4.1-RELEASE? To: questions@FreeBSD.org Date: Mon, 31 Jul 2000 11:27:54 -0700 (PDT) X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Am I making an obvious mistake or is the -a option to syslog broken? On a 4.1-RELEASE machine I'm attempting to log from the network to /data/local1 to 6. This has been working (modulo syslog dying, which is part of the reason for the upgrade) without the -s -a options to syslogd and still does if I start syslogd without those options. This is the syslog.conf file (for all tests): loghost# cat /etc/syslog.conf # $FreeBSD: src/etc/syslog.conf,v 1.13 2000/02/08 21:57:28 rwatson Exp $ # # Spaces are NOT valid field separators in this file. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron *.err root *.notice;news.err root *.alert root *.emerg * local1.debug /data/local1 local2.debug /data/local2 local3.debug /data/local3 local4.debug /data/local4 local5.debug /data/local5 local6.debug /data/local6 # uncomment this to enable logging of all log messages to /var/log/all.log #*.* /var/log/all.log # uncomment this to enable logging to a remote loghost named loghost #*.* @loghost # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log A syslogd with -s -a and debug (no logging to the local* files occurs although local logging does): loghost# !ps ps auxw | grep syslog loghost# syslogd -s -a '142.58.47.0/24:*' -d off & running.... init cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f, "*") cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages", f, "*") cfline("security.* /var/log/security", f, "*") cfline("mail.info /var/log/maillog", f, "*") cfline("lpr.info /var/log/lpd-errs", f, "*") cfline("cron.* /var/log/cron", f, "*") cfline("*.err root", f, "*") cfline("*.notice;news.err root", f, "*") cfline("*.alert root", f, "*") cfline("*.emerg *", f, "*") cfline("local1.debug /data/local1", f, "*") cfline("local2.debug /data/local2", f, "*") cfline("local3.debug /data/local3", f, "*") cfline("local4.debug /data/local4", f, "*") cfline("local5.debug /data/local5", f, "*") cfline("local6.debug /data/local6", f, "*") cfline("*.* /var/log/slip.log", f, "startslip") cfline("*.* /var/log/ppp.log", f, "ppp") 7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console 7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root, 5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root, 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root, 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: X X X X X X X X X X X X X X X X X 7 X X X X X X X FILE: /data/local1 X X X X X X X X X X X X X X X X X X 7 X X X X X X FILE: /data/local2 X X X X X X X X X X X X X X X X X X X 7 X X X X X FILE: /data/local3 X X X X X X X X X X X X X X X X X X X X 7 X X X X FILE: /data/local4 X X X X X X X X X X X X X X X X X X X X X 7 X X X FILE: /data/local5 X X X X X X X X X X X X X X X X X X X X X X 7 X X FILE: /data/local6 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip) 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp) logmsg: pri 56, flags 4, from loghost, msg syslogd: restart syslogd: restarted logmsg: pri 46, flags 0, from loghost, msg Jul 31 11:22:28 sshd[254]: Accepted password for vanepp from 142.58.1.8 port 2653 logmsg: pri 15, flags 0, from loghost, msg Jul 31 11:22:38 vanepp: test Logging to FILE /var/log/messages Logging to USERS ^Csyslogd: exiting on signal 2 syslogd: exiting on signal 2 logmsg: pri 53, flags 4, from loghost, msg syslogd: exiting on signal 2 Logging to CONSOLE /dev/console Logging to FILE /var/log/messages Logging to USERS Logging to USERS And a successful syslogd invocation (successful but undesirable!): loghost# !ps ps auxw | grep syslog loghost# syslogd -d off & running.... init cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f, "*") cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages", f, "*") cfline("security.* /var/log/security", f, "*") cfline("mail.info /var/log/maillog", f, "*") cfline("lpr.info /var/log/lpd-errs", f, "*") cfline("cron.* /var/log/cron", f, "*") cfline("*.err root", f, "*") cfline("*.notice;news.err root", f, "*") cfline("*.alert root", f, "*") cfline("*.emerg *", f, "*") cfline("local1.debug /data/local1", f, "*") cfline("local2.debug /data/local2", f, "*") cfline("local3.debug /data/local3", f, "*") cfline("local4.debug /data/local4", f, "*") cfline("local5.debug /data/local5", f, "*") cfline("local6.debug /data/local6", f, "*") cfline("*.* /var/log/slip.log", f, "startslip") cfline("*.* /var/log/ppp.log", f, "ppp") 7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console 7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root, 5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root, 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root, 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: X X X X X X X X X X X X X X X X X 7 X X X X X X X FILE: /data/local1 X X X X X X X X X X X X X X X X X X 7 X X X X X X FILE: /data/local2 X X X X X X X X X X X X X X X X X X X 7 X X X X X FILE: /data/local3 X X X X X X X X X X X X X X X X X X X X 7 X X X X FILE: /data/local4 X X X X X X X X X X X X X X X X X X X X X 7 X X X FILE: /data/local5 X X X X X X X X X X X X X X X X X X X X X X 7 X X FILE: /data/local6 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip) 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp) logmsg: pri 56, flags 4, from loghost, msg syslogd: restart syslogd: restarted cvthname(142.58.47.253) logmsg: pri 217, flags 0, from annex8k1, msg radlog[1285]: Sent RADIUS Accounting-Request to 142.58.103.2 Logging to FILE /data/local1 cvthname(142.58.47.253) logmsg: pri 217, flags 0, from annex8k1, msg radlog[1285]: Received RADIUS Accounting-Response from 142.58.103.2 Logging to FILE /data/local1 cvthname(142.58.47.252) logmsg: pri 226, flags 0, from annex8k2, msg ppp[21844]: ppp:asy31:LCP Closing LCP Logging to FILE /data/local2 Logging to FILE /var/log/ppp.log cvthname(142.58.47.252) logmsg: pri 226, flags 0, from annex8k2, msg ppp[21844]: ppp:asy31:remote_close Logging to FILE /data/local2 Logging to FILE /var/log/ppp.log ... Logging to FILE /data/local2 ^Csyslogd: exiting on signal 2 syslogd: exiting on signal 2 logmsg: pri 53, flags 4, from loghost, msg syslogd: exiting on signal 2 Logging to CONSOLE /dev/console Logging to FILE /var/log/messages Logging to USERS Logging to USERS So, have I misconfigured it or is it broken? Peter Van Epp / Operations and Technical Support Simon Fraser University, Burnaby, B.C. Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message