Date:      Sun, 13 Jan 2002 09:31:47 -0600
From:      Len Conrad <LConrad@Go2France.com>
To:        Freebsd-isp@freebsd.org
Subject:   tuning syslog.conf
Message-ID:  <5.1.0.14.2.20020113090238.01f03ff8@mail.Go2France.com>

We've got a gateway machine to which we're adding Bennett Todd's 
pop-before-smtp dynamic relay access control.

The mailboxes and pop logins are on an Imail machine whose pop daemon is 
logging to the syslog server on FreeBSD4.4R running postfix (IMGate).  To 
use the smallest possible  file for tailing, we've set up a !POP3D section 
in syslog.conf and log Imail POP3D to a file (successfully), but the POP3D 
messages are also logged to /var/log/messages.  I can't see by what 
facility that's happening and so can't turn it off.  Here's the -d output:

# syslogd -d -4
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....
init
cfline("*.err;kern.debug;auth.notice;mail.crit          /dev/console", f, "*", "*")
cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err; /var/log/messages", f, "*", "*")
cfline("security.*                                      /var/log/security", f, "*", "*")
cfline("mail.info                                       /var/log/maillog", f, "*", "*")
cfline("lpr.info                                        /var/log/lpd-errs", f, "*", "*")
cfline("cron.*                                          /var/log/cron", f, "*", "*")
cfline("*.err                                           root", f, "*", "*")
cfline("*.notice;news.err                               root", f, "*", "*")
cfline("*.alert                                         root", f, "*", "*")
cfline("*.emerg                                         *", f, "*", "*")
cfline("*.*                                             /var/log/slip.log", f, "startslip", "*")
cfline("*.*                                             /var/log/ppp.log", f, "ppp", "*")
cfline("*.*                                             /var/log/poplog", f, "POP3D", "*")
cfline("*.none                                          /var/log/messages", f, "POP3D", "*")
7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/poplog (POP3D)
X X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/messages (POP3D)

logmsg: pri 56, flags 4, from lc2, msg syslogd: restart
syslogd: restarted
logmsg: pri 166, flags 17, from lc2, msg Jan 13 09:11:55 lc2 syslogd: exiting on signal 2
cvthname(212.73.210.73)
logmsg: pri 15, flags 0, from ms1.meiway.com, msg POP3D (000001D7) logon success for LConrad mail.Go2France.com from 66.64.14.18
Logging to FILE /var/log/messages
Logging to USERS
Logging to FILE /var/log/poplog

How do we stop POP3D from going to messages?

2.  For a little ACL, when I add an "allowed peer" option ( 
ipaddr/masklen[:service] ) to the above syslog command "-a 
212.73.210.73/24", the -d output becomes:

# syslogd -d -4 -a 212.73.210.73
allowaddr: rule 0: numeric, addr = 212.73.210.0, mask = 255.255.255.0; port = 514
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....

and all syslog messages from 212.73.210.73 get this treatment:

cvthname(212.73.210.73)
validate: dgram from IP 212.73.210.73, port 3506, name ms1.meiway.com;
rejected in rule 0 due to port mismatch.

ok, so we use "-a 212.73.210.73/24:*" and get:

# syslogd -d -4 -a 212.73.210.73:*
syslogd: No match.

I've been all over man 3 and man 8 for syslogd, syslog, syslog.conf and 
can't figure out what we're doing wrong in 2., or how to do 1.

Thanks
Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways
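
Added example (not part of the original message): a small Python replay of how the -d matrix quoted above selects destinations for the "pri 15" POP3D message. It assumes syslogd -d prints pri in octal, that each matrix column is a facility number whose cell is the highest severity number logged (X = never), and that a name in parentheses is the !program filter for that row.

```python
# Added example: replay syslogd's selector matching on the -d matrix above.
# Rows are copied from the message with the e-mail line wraps rejoined.
ROWS = """\
7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/poplog (POP3D)
X X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/messages (POP3D)
"""

def decode_pri(text):
    """Split the debug 'pri' field into (facility, severity) numbers."""
    pri = int(text, 8)  # assumption: syslogd -d prints pri in octal
    return pri >> 3, pri & 7

def parse_row(line):
    """Turn one matrix row into thresholds, destination and program filter."""
    tok = line.split()
    n = next(i for i, t in enumerate(tok) if t.endswith(":"))
    levels = [None if t == "X" else int(t) for t in tok[:n]]
    rest = tok[n + 1:]
    prog = rest.pop()[1:-1] if rest and rest[-1].startswith("(") else None
    return {"levels": levels, "kind": tok[n][:-1],
            "dest": " ".join(rest), "prog": prog}

def destinations(pri_text, program, rows=ROWS):
    """List (kind, dest) for every row that would log this message."""
    fac, sev = decode_pri(pri_text)
    hits = []
    for row in map(parse_row, rows.strip().splitlines()):
        limit = row["levels"][fac]
        if limit is None or sev > limit:
            continue  # facility off for this row, or message not severe enough
        if row["prog"] not in (None, program):
            continue  # row belongs to a different !program block
        hits.append((row["kind"], row["dest"]))
    return hits

if __name__ == "__main__":
    print(decode_pri("15"), destinations("15", "POP3D"))
```

Under those assumptions pri 15 is facility 1, severity 5 (user.notice), which the first /var/log/messages row accepts because it has no program filter; the "*.none" row under !POP3D is a separate all-X entry and removes nothing from the first.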

