From owner-freebsd-questions Fri Aug 27 5:57:53 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from vax1.baker.ie (VAX1.baker.IE [194.125.50.91]) by hub.freebsd.org (Postfix) with SMTP id 86D1A14D5D for ; Fri, 27 Aug 1999 05:57:50 -0700 (PDT) (envelope-from cillian@baker.ie)
Received: from baker.ie ([194.125.50.55]) by vax1.baker.ie with ESMTP; Fri, 27 Aug 1999 14:03:13 +0100
Message-ID: <37C68802.6FEA0877@baker.ie>
Date: Fri, 27 Aug 1999 13:43:46 +0100
From: Cillian Sharkey
X-Mailer: Mozilla 4.6 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Michael D. Harlan"
Cc: freebsd-questions@freebsd.org
Subject: Re: syslog - logging to remote machine
References: <19990827054224.A6165@rworld.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

First of all, read these two man pages on FreeBSD:

syslogd(8) and syslog.conf(5)

they contain all the info you need..

> First of all, I assume we're going to need some firewall modifications
> made to ipfw. What port does syslogd use to log its messages to the
> remote machine? Also, TCP or UDP? or both?

syslog uses UDP port 514. You'll need to make sure that barney can send
out on UDP/514 and andy can receive in on UDP/514 and that any firewall
lets the packets through..

> Now, I've read in a couple of places (but not everywhere) that we'll need
> a file called /etc/syslog.auth on andy. Nowhere have I seen the syntax
> of this file. Am I correct to assume it's:

the syslog man page on FreeBSD does not mention this file anywhere..
might have been for a different 'brand' of syslogd.. running syslogd
with the '-a' option followed by the IP address of barney should do
the trick (I think)

> [barney:/etc/syslog.conf]
> *.notice;kern.debug;lpr.info;mail.crit;news.err @andy

that looks ok.

> Should there be any changes to andy's /etc/syslog.conf?
> How can I have
> andy tell which logs are HIS and which are BARNEY'S? (Example: if I want
> andy's messages to be written to /var/log/messages.andy and barney's
> written to /var/log/messages.barney)

syslog messages always by default include the machine name that the log
message came from (just after the time+date field), so there's no
explicit need to separate into two log files. I don't know if syslogd
will let you filter on machine name (again consult the syslog.conf
man page)

You could always redirect all messages into one file and then write a
script to split it up...

Hope this helps,

Cillian
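
The "write a script to split it up" suggestion above, as an added example that is not part of the original message. It assumes the traditional line layout "Mon DD HH:MM:SS host tag: message" (host name in the 4th field); the function names, the messages.<host> naming and the UNPARSED catch-all file are hypothetical, and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: split a combined syslog file into one file per host.
# Assumed layout: "Mon DD HH:MM:SS host tag: message" (host is field 4).

# split_by_host INPUT OUTDIR   (hypothetical helper name)
# Appends each line of INPUT to OUTDIR/messages.<host>.
split_by_host() {
    input=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
    {
        host = $4
        # Messages arrive over unauthenticated UDP and the host field
        # becomes part of a file name, so accept only plain host-name
        # characters. Anything else (slashes, "..", a short line with
        # no 4th field) goes to a catch-all file for review.
        if (host !~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ || host ~ /\.\./)
            host = "UNPARSED"
        out = dir "/messages." host
        print >> out
        close(out)      # keep the number of open files at one
    }' "$input"
}

# Constructed sample lines (not real log data).
sample_log() {
    cat <<'EOF'
Aug 27 13:43:46 andy sshd[210]: Accepted password for mike
Aug 27 13:43:50 barney su: mike to root on /dev/ttyp0
Aug 27 13:44:02 barney lpd[88]: restarted
Aug 27 13:44:05 ../../tmp/x test: host field with path characters
EOF
}

# Run as "sh split.sh --demo" to split the sample into ./split-demo/
if [ "${1:-}" = "--demo" ]; then
    sample_log > ./split-demo.log
    split_by_host ./split-demo.log ./split-demo
    ls ./split-demo
fi
```

Because the function appends, running it twice over the same input duplicates lines; run it on a rotated file or clear the output directory first.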