From owner-freebsd-hackers Mon Apr 7 09:22:57 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA21084 for hackers-outgoing; Mon, 7 Apr 1997 09:22:57 -0700 (PDT) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.50]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA21071 for ; Mon, 7 Apr 1997 09:22:46 -0700 (PDT) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id JAA29943; Mon, 7 Apr 1997 09:03:41 -0700 From: Terry Lambert Message-Id: <199704071603.JAA29943@phaeton.artisoft.com> Subject: Re: syslogd watching other machine(s) To: brian@awfulhak.org, brian@utell.co.uk Date: Mon, 7 Apr 1997 09:03:41 -0700 (MST) Cc: freebsd-hackers@FreeBSD.org In-Reply-To: <199704071306.OAA10803@utell.co.uk> from "Brian Somers" at Apr 7, 97 02:06:51 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > > Hi! I have several Unix machines (FreeBSD and Irix), which I'd like > > to set up to watch for other machine's log entries. Say, rtfm will > > log aldan's messages and aldan will log rtfm's messages. > > > > Unfortunately, simply modifying /etc/syslogd.conf to send things to > > @another_host on both system, causes cascades of messages: rtfm sends > > the message to aldan, which bounces it back to rtfm right away. > > Then, rtfm passes it to aldan again, and so on... syslogd has to be > > restarted... > > > > The only solution I see for this, is to run two syslogd-s on each machine. > > With different config files. One will send local messages out (run in > > "safe" mode), another one -- logging remote messages. > > > > Can anyone think of a single process solution? Thanks! > > > > I think, syslogd has to have an option to operate in intelligent > > mode -- recognise when the incoming message is about the localhost > > and not log it (or, at least, not propagate it). > > The problem with the two-process thing is that currently, I expect > syslog will only write to the remote port that it listens to locally. > > I think a "[port]@machine" option for the config file would solve > this - you'd still need two syslogd processes. > > Does anyone on hackers (cc'd there) have any comments/observations ? Why are messages that come in from a non-local source being resent? If a machine is the loghost for another machine, it should not be permitted to delegate. If this is implemented, messages will not multihop, and the problem will go away without needing multiple processes or port options. Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.