From owner-freebsd-questions@FreeBSD.ORG Thu Jun 14 18:24:57 2007
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
    by hub.freebsd.org (Postfix) with ESMTP id 0910F16A400
    for ; Thu, 14 Jun 2007 18:24:57 +0000 (UTC)
    (envelope-from bcook@poughkeepsieschools.org)
Received: from a.outbound.bsdwebsolutions.com (a.outbound.bsdwebsolutions.com [64.72.68.2])
    by mx1.freebsd.org (Postfix) with ESMTP id CB7D413C45B
    for ; Thu, 14 Jun 2007 18:24:56 +0000 (UTC)
    (envelope-from bcook@poughkeepsieschools.org)
Received: from mail.bsdwebsolutions.com ([64.72.68.15])
    by a.outbound.bsdwebsolutions.com with esmtps (TLSv1:AES256-SHA:256)
    (BSD Web Solutions, Inc.) (envelope-from ) id 1Hyu07-000Cfy-RC
    for freebsd-questions@freebsd.org; Thu, 14 Jun 2007 14:24:55 -0400
Received: from [64.72.66.117] (helo=mail.poughkeepsieschools.org)
    by mail.bsdwebsolutions.com with esmtps (TLSv1:AES256-SHA:256)
    (BSD WebSolutions, Inc.) (envelope-from ) id 1Hyu07-0007Rn-J5
    for freebsd-questions@freebsd.org ; Thu, 14 Jun 2007 14:24:55 -0400
Received: from [10.20.0.10] (port=57480 helo=macpro-pcsd.techcentral.local)
    by mail.poughkeepsieschools.org with esmtpsa (TLSv1:AES256-SHA:256)
    (BSD WebSolutions, Inc.) (envelope-from ) id 1Hyu07-000HgL-E4
    for freebsd-questions@freebsd.org (authenticated as bcook@poughkeepsieschools.org);
    Thu, 14 Jun 2007 14:24:55 -0400
X-BSD-Virus-Check: ClamAV 0.90.2/3419 on mail.poughkeepsieschools.org; Thu, 14 Jun 2007 14:24:55 -0400
Message-ID: <467187FC.30104@poughkeepsieschools.org>
Date: Thu, 14 Jun 2007 14:25:00 -0400
From: "B. Cook"
User-Agent: Thunderbird 2.0.0.0 (Macintosh/20070326)
MIME-Version: 1.0
To: FreeBSD Questions
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: syslog.conf questions..
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 14 Jun 2007 18:24:57 -0000

Hello all,

I am trying to have different Cisco routers log to a different log file. The log file is located on a 6.2 box running the stock syslogd.

For what it is worth I have nine of these, only three are shown.

syslogd is running with -n -vv -d at the moment.. I did not have to specify -a 10.20.250.54:* to allow it to log.. (is that part of the problem..?)

But the question is.. I do get logs from the respective hosts in the log files that I have specified, but I do not understand why syslogd is also catching them in the original local7.* /var/log/router/3620.log when as far as I can tell they are set up correctly.

Below are the relevant portions of the syslog.conf.

[~]# 18 > egrep -v "#" /etc/syslog.conf | cat -n
     1
     2  +10.20.250.54
     3  *.*     /var/log/router/circle.log
     4  -10.20.250.54
     5
     6  +10.20.250.42
     7  *.*     /var/log/router/columbus.log
     8  -10.20.250.42
     9
    10  +10.20.250.38
    11  *.*     /var/log/router/clinton.log
    12  -10.20.250.38
    13
    14  +10.20.0.10
    15  *.*     /var/log/router/tcentral.log
    16  -10.20.0.10
    17
    18  *.err;kern.warning;auth.notice;mail.crit        /dev/console
    19  *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
    20  security.*      /var/log/security
    21  auth.info;authpriv.info /var/log/auth.log
    22  mail.info       /var/log/maillog
    23  lpr.info        /var/log/lpd-errs
    24  ftp.info        /var/log/xferlog
    25  local7.*        /var/log/router/3620.log
    26  cron.*  /var/log/cron
    27  *.=debug        /var/log/debug.log
    28  *.emerg *
    29  !startslip
    30  *.*     /var/log/slip.log
    31  !ppp
    32  *.*     /var/log/ppp.log

and with syslogd in debug mode I see this:

and tcvthname(10.20.250.38)
logmsg: pri 276, flags 0, from 10.20.250.38, msg 1262: Jun 14 18:13:04.770: %SEC-6-IPACCESSLOGP: list 2044 denied udp 10.20.18.28(1039) -> 10.20.0.212(161), 1 packet
Logging to FILE /var/log/router/clinton.log
Logging to FILE /var/log/router/3620.log
cvthname(10.20.250.42)
logmsg: pri 276, flags 0, from 10.20.250.42, msg 68: Jun 14 18:13:04.835: %SEC-6-IPACCESSLOGP: list 2044 denied udp 10.20.8.57(1040) -> 10.20.3.60(161), 4 packets
Logging to FILE /var/log/router/columbus.log
Logging to FILE /var/log/router/3620.log

I do not understand why the local7.* is still getting caught.. From what I understood from the man page, the - tells it to stop logging from that host.

Whatever the last 'host' entry is in the syslog.conf that host will not log into both files.

From the 10.20.0.10 host I have configured syslog:

local7.*        @10.20.0.29

and when I run logger:

date | logger -p local7.debug

cvthname(10.20.0.10)
logmsg: pri 277, flags 0, from 10.20.0.10, msg Jun 14 14:21:03 bcook: Thu Jun 14 14:21:03 EDT 2007
Logging to FILE /var/log/router/tcentral.log

I get what I think I should..

Why do the previous entries not act the same as the last one? What am I missing?
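
Added example, not part of the original message and not syslogd's code: a simplified Python model of the host-block rule in FreeBSD's syslog.conf(5), where `+host` applies the following lines to that host and `-host` applies them to every host except it, until the next host specification. POSTED reproduces the router lines and the local7 line from the listing above; FIXED with its comma-separated exclusion, and the function names, are assumptions of this example.

```python
# Simplified model of syslog.conf(5) host blocks; added example, not syslogd's code.
# POSTED is taken from the listing above; FIXED is an assumed rewrite for comparison.
POSTED = """\
+10.20.250.54
*.* /var/log/router/circle.log
-10.20.250.54
+10.20.250.42
*.* /var/log/router/columbus.log
-10.20.250.42
+10.20.250.38
*.* /var/log/router/clinton.log
-10.20.250.38
+10.20.0.10
*.* /var/log/router/tcentral.log
-10.20.0.10
local7.* /var/log/router/3620.log
"""
FIXED = """\
+10.20.250.54
*.* /var/log/router/circle.log
+10.20.250.42
*.* /var/log/router/columbus.log
+10.20.250.38
*.* /var/log/router/clinton.log
+10.20.0.10
*.* /var/log/router/tcentral.log
-10.20.250.54,10.20.250.42,10.20.250.38,10.20.0.10
local7.* /var/log/router/3620.log
"""

def host_ok(spec, host):
    # '+a,b' selects the listed hosts, '-a,b' every host except them, '*' resets
    if spec is None or spec[1:] == "*":
        return True
    return (host in spec[1:].split(",")) == (spec[0] == "+")

def destinations(conf, host, facility):
    """Files a message from `host` reaches; priorities and !program specs are ignored."""
    spec, files = None, []
    for line in conf.splitlines():
        if line[0] in "+-":
            spec = line  # a host spec stays in force until the next host spec
            continue
        selector, path = line.split()
        if host_ok(spec, host) and selector.split(".")[0] in ("*", facility):
            files.append(path)
    return files
for h in ("10.20.250.38", "10.20.0.10"):
    print(h, destinations(POSTED, h, "local7"), destinations(FIXED, h, "local7"))
```

Check the comma-separated host list against syslog.conf(5) on the installed release before relying on it.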