From owner-freebsd-hackers Mon Apr 7 06:06:08 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA12910 for hackers-outgoing; Mon, 7 Apr 1997 06:06:08 -0700 (PDT) Received: from ui-gate.utell.co.uk (ui-gate.utell.co.uk [194.200.4.253]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA12903 for ; Mon, 7 Apr 1997 06:05:50 -0700 (PDT) Received: from utell.co.uk (shift.utell.net [97.3.0.21]) by ui-gate.utell.co.uk (8.7.6/8.7.3) with ESMTP id OAA15454 for ; Mon, 7 Apr 1997 14:05:48 +0100 (BST) Received: (from brian@localhost) by utell.co.uk (8.8.5/8.8.5) id OAA10803; Mon, 7 Apr 1997 14:06:51 +0100 (BST) Date: Mon, 7 Apr 1997 14:06:51 +0100 (BST) Message-Id: <199704071306.OAA10803@utell.co.uk> Mime-Version: 1.0 X-Newsreader: knews 0.9.8 Reply-To: brian@awfulhak.org, brian@utell.co.uk Organization: Awfulhak Ltd. References: <5i7bo6$o1t$1@kayrad.ziplink.net> From: brian@utell.co.uk (Brian Somers) Subject: Re: syslogd watching other machine(s) Newsgroups: comp.unix.bsd.freebsd.misc Cc: freebsd-hackers@FreeBSD.org Content-Type: text/plain; charset=us-ascii Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk In article <5i7bo6$o1t$1@kayrad.ziplink.net>, mi@ALDAN.ziplink.net..remove-after-`net' (Mikhail Teterin) writes: > Hi! I have several Unix machines (FreeBSD and Irix), which I'd like > to set up to watch for other machine's log entries. Say, rtfm will > log aldan's messages and aldan will log rtfm's messages. > > Unfortunately, simply modifying /etc/syslogd.conf to send things to > @another_host on both system, causes cascades of messages: rtfm sends > the message to aldan, which bounces it back to rtfm right away. > Then, rtfm passes it to aldan again, and so on... syslogd has to be > restarted... > > The only solution I see for this, is to run two syslogd-s on each machine. > With different config files. One will send local messages out (run in > "safe" mode), another one -- logging remote messages. > > Can anyone think of a single process solution? Thanks! > > I think, syslogd has to have an option to operate in intelligent > mode -- recognise when the incoming message is about the localhost > and not log it (or, at least, not propagate it). > > -mi The problem with the two-process thing is that currently, I expect syslog will only write to the remote port that it listens to locally. I think a "[port]@machine" option for the config file would solve this - you'd still need two syslogd processes. Does anyone on hackers (cc'd there) have any comments/observations ? -- Brian Don't _EVER_ lose your sense of humour !