From owner-freebsd-questions@FreeBSD.ORG Thu May 22 14:49:00 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D92E37B401 for ; Thu, 22 May 2003 14:49:00 -0700 (PDT) Received: from franky.speednet.com.au (franky.speednet.com.au [203.57.65.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED77443F85 for ; Thu, 22 May 2003 14:48:58 -0700 (PDT) (envelope-from andyf@speednet.com.au) Received: from hewey.af.speednet.com.au (hewey.af.speednet.com.au [203.38.96.242])h4MLmjZ3033013; Fri, 23 May 2003 07:48:45 +1000 (EST) (envelope-from andyf@speednet.com.au) Received: from hewey.af.speednet.com.au (hewey.af.speednet.com.au [172.22.2.1])h4MLmhYm013469; Fri, 23 May 2003 07:48:44 +1000 (EST) (envelope-from andyf@speednet.com.au) Date: Fri, 23 May 2003 07:48:42 +1000 (EST) From: Andy Farkas X-X-Sender: andyf@hewey.af.speednet.com.au To: Mark In-Reply-To: <200305221809.H4MI9SGZ028102@asarian-host.net> Message-ID: <20030523074214.T13191-100000@hewey.af.speednet.com.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-questions@freebsd.org Subject: Re: Syslog from external machine X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 May 2003 21:49:00 -0000 On Thu, 22 May 2003, Mark wrote: > > Go into /etc/syslog.conf and uncomment the `*.* /var/log/all.log > > line. touch /var/log/all.log and restart syslogd. > > > > Now you can monitor all messages sent to syslogd. > > Indeed, this now works. :) But I get a LOT of messages in /var/log/all.log! > Is there not a way I can log 'the rest'? See, now I have something like: > > ... > mail.info /var/log/maillog > lpr.info /var/log/lpd-errs > cron.* /var/log/cron > *.err root > *.notice;news.err root > *.alert root > *.emerg * > *.* /var/log/router.log > > But what I would really want is: "Everything which is not covered by any of > the above, log to /var/log/router.log". Something like: "!*.*". Well, you > know what I mean. Try this command: man syslogd > If that is not possible, is there a way I can determine to what syslog > facility the router is logging? (like "mail.crit" or something). I always run syslogd with -vv flag.... ps. sorry about being terse - but thats what man pages are for...if you need more help after reading the man page, ask then... -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/