From owner-freebsd-isp Sun Jan 13 7:32: 2 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75])
    by hub.freebsd.org (Postfix) with ESMTP id 5033737B417
    for ; Sun, 13 Jan 2002 07:31:52 -0800 (PST)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73])
    by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 5DA3116B13
    for ; Sun, 13 Jan 2002 16:31:50 +0100 (CET)
Received: from LenConrad.Go2France.com [66.64.14.18]
    by mail.Go2France.com with ESMTP (SMTPD32-6.06) id AC5F6C401E8;
    Sun, 13 Jan 2002 16:48:47 +0100
Message-Id: <5.1.0.14.2.20020113090238.01f03ff8@mail.Go2France.com>
X-Sender: LConrad@Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sun, 13 Jan 2002 09:31:47 -0600
To: Freebsd-isp@freebsd.org
From: Len Conrad
Subject: tuning syslog.conf
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

We've got a gateway machine to which we're adding Bennett Todd's
pop-before-smtp dynamic relay access control.

The mailboxes and pop logins are on an Imail machine whose pop daemon is
logging to the syslog server on FreeBSD4.4R running postfix (IMGate).

To use the smallest possible file for tailing, we've set up a !POP3D
section in syslog.conf and log Imail POP3D to a file (successfully), but
the POP3D messages are also logged to /var/log/messages. I can't see by
what facility that's happening and so can't turn it off.

Here's the -d output:

# syslogd -d -4
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....
init
cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f, "*", "*")
cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err; /var/log/messages", f, "*", "*")
cfline("security.* /var/log/security", f, "*", "*")
cfline("mail.info /var/log/maillog", f, "*", "*")
cfline("lpr.info /var/log/lpd-errs", f, "*", "*")
cfline("cron.* /var/log/cron", f, "*", "*")
cfline("*.err root", f, "*", "*")
cfline("*.notice;news.err root", f, "*", "*")
cfline("*.alert root", f, "*", "*")
cfline("*.emerg *", f, "*", "*")
cfline("*.* /var/log/slip.log", f, "startslip", "*")
cfline("*.* /var/log/ppp.log", f, "ppp", "*")
cfline("*.* /var/log/poplog", f, "POP3D", "*")
cfline("*.none /var/log/messages", f, "POP3D", "*")
7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/poplog (POP3D)
X X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/messages (POP3D)
logmsg: pri 56, flags 4, from lc2, msg syslogd: restart
syslogd: restarted
logmsg: pri 166, flags 17, from lc2, msg Jan 13 09:11:55 lc2 syslogd: exiting on signal 2
cvthname(212.73.210.73)
logmsg: pri 15, flags 0, from ms1.meiway.com, msg POP3D (000001D7) logon success for LConrad mail.Go2France.com from 66.64.14.18
Logging to FILE /var/log/messages
Logging to USERS
Logging to FILE /var/log/poplog

How do we stop POP3D from going to messages?

2. For a little ACL, when I add an "allowed peer" option
( ipaddr/masklen[:service] ) to the above syslog command
"-a 212.73.210.73/24", the -d output becomes:

# syslogd -d -4 -a 212.73.210.73
allowaddr: rule 0: numeric, addr = 212.73.210.0, mask = 255.255.255.0; port = 514
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....

and all syslog messages from 212.73.210.73 get this treatment:

cvthname(212.73.210.73)
validate: dgram from IP 212.73.210.73, port 3506, name ms1.meiway.com;
rejected in rule 0 due to port mismatch.

OK, so we use "-a 212.73.210.73/24:*" and get:

# syslogd -d -4 -a 212.73.210.73:*
syslogd: No match.

I've been all over man 3 and man 8 for syslogd, syslog, syslog.conf and
can't figure out what we're doing wrong in 2., or how to do 1.

Thanks
Len

http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
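
Added example, not part of the original message and not syslogd source: a simplified Python model of how each syslog.conf entry is tested on its own, using selectors taken from the cfline() lines in the debug output above. It assumes the POP3D message arrives as user.notice (what "pri 15" gives if that debug field is printed in octal); the function names and the reduced entry list are made up for the illustration.

```python
# Simplified model of syslog.conf selector matching (added example, not syslogd code).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# (program block, selectors, destination), reduced from the cfline() lines above.
ENTRIES = [
    ("*", "*.err;kern.debug;auth.notice;mail.crit", "/dev/console"),
    ("*", "*.notice;kern.debug;lpr.info;mail.crit;news.err;", "/var/log/messages"),
    ("*", "mail.info", "/var/log/maillog"),
    ("POP3D", "*.*", "/var/log/poplog"),
    ("POP3D", "*.none", "/var/log/messages"),
]


def selector_matches(selectors, facility, severity):
    """True if a 'fac.level;fac.level' list accepts a message of this facility/severity."""
    threshold = None  # None means the facility is not selected by this entry
    for part in filter(None, selectors.split(";")):
        fac, level = part.split(".")
        if fac not in ("*", facility):
            continue
        if level == "none":
            threshold = None          # 'none' only switches off this entry
        elif level == "*":
            threshold = len(SEVERITIES) - 1
        else:
            threshold = SEVERITIES.index(level)  # later selectors override earlier ones
    return threshold is not None and SEVERITIES.index(severity) <= threshold


def destinations(program, facility, severity):
    """Test every entry independently; an entry can add a destination, never remove one."""
    hits = []
    for block, selectors, dest in ENTRIES:
        if block in ("*", program) and selector_matches(selectors, facility, severity):
            hits.append((block, dest))
    return hits


if __name__ == "__main__":
    # Assumed classification of the POP3D logon line: facility user, severity notice.
    for block, dest in destinations("POP3D", "user", "notice"):
        print(f"{dest}  (matched in program block {block!r})")
```

In this model the `*.none` entry inside the POP3D block matches nothing and does not cancel the `*.notice` entry in the default block, which is the one that still accepts the message for /var/log/messages.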