Date:      Mon, 24 Jun 2013 09:28:52 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: auth.notice on syslog server
Message-ID:  <CAHu1Y70o4znN5kJ6q7tRcoQCpoVpCHv2=9gJxEVQu3Dyq0YarA@mail.gmail.com>
In-Reply-To: <A3876859FBFA134BBEB7A9ADE583EC1D1F9472EED5@SPR-EXC01.onprvp.fgov.be>
References:  <A3876859FBFA134BBEB7A9ADE583EC1D1F9472EED5@SPR-EXC01.onprvp.fgov.be>

On Mon, Jun 24, 2013 at 5:35 AM, SWENNEN Rudi
<Rudi.SWENNEN@onprvp.fgov.be> wrote:
> Hello FreeBSD-list,
>
> I have the following two freebsd systems/servers: a server and a client. The syslog of the client is sent to the server.
> I was wondering why the auth.notice entry on my server is generating a syslog entry (/dev/console) when I change to root on the client:
> Jun 24 12:01:38 SERVER kernel: Jun 24 12:00:32 CLIENT su: rudi to root on /dev/ttyv0
>
> Is there a way to "limit" the auth-facility not to log via syslog if the entry is generated from a remote system?

Yes, on the host that sends the logs.
E.g.,

auth.*;authpriv.*	/var/log/auth
console.*;cron.*;daemon.*;kern.*;mail.*;ntp.*;security.*;syslog.*;user.*;local0.*;local1.*;local2.*;local3.*;local4.*;local5.*;local6.*;local7.*	@loghost
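
A way to check a sending host's syslog.conf for the split described in the reply above, as an added example that is not part of the original message. It handles only plain `selector<whitespace>action` lines (no program or host blocks), and the function name and both sample configurations are constructed for illustration.

```python
# Constructed sample of a client's syslog.conf: auth stays local, the rest is forwarded.
SAMPLE_CONF = """\
# keep authentication messages on this host
auth.*;authpriv.*\t/var/log/auth
cron.*;daemon.*;kern.*;mail.*;user.*\t@loghost
"""

# Constructed counter-example: a wildcard selector that still forwards auth.
LEAKY_CONF = "*.notice;authpriv.none\t@loghost\n"


def remote_facilities(conf_text, watched=("auth", "authpriv")):
    """Return {remote_action: set of watched facilities forwarded to it}."""
    result = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and program/host block markers (!prog, +host, -host).
        if not line or line[0] in "#!+-":
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        selectors, action = parts[0], parts[1].strip()
        if not action.startswith("@"):
            continue  # only remote (forwarding) actions matter here
        sent = set()
        # Selectors apply left to right; a later "facility.none" cancels an earlier match.
        for sel in selectors.split(";"):
            facs, _, level = sel.rpartition(".")
            for fac in facs.split(","):
                targets = watched if fac == "*" else (fac,)
                for name in targets:
                    if name not in watched:
                        continue
                    if level == "none":
                        sent.discard(name)
                    else:
                        sent.add(name)
        if sent:
            result.setdefault(action, set()).update(sent)
    return result


if __name__ == "__main__":
    print(remote_facilities(SAMPLE_CONF))
    print(remote_facilities(LEAKY_CONF))
```

An empty result means no watched facility reaches a remote action; the second sample shows how `*.notice` forwards `auth` even though `authpriv` is excluded.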


