From owner-freebsd-questions@FreeBSD.ORG  Fri May  2 16:32:11 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F3C3E37B401
	for <freebsd-questions@freebsd.org>;
	Fri,  2 May 2003 16:32:10 -0700 (PDT)
Received: from franky.speednet.com.au (franky.speednet.com.au [203.57.65.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B956943FAF
	for <freebsd-questions@freebsd.org>;
	Fri,  2 May 2003 16:32:09 -0700 (PDT)
	(envelope-from andyf@speednet.com.au)
Received: from hewey.af.speednet.com.au (hewey.af.speednet.com.au
	[203.38.96.242])h42NW7Uv090779;	Sat, 3 May 2003 09:32:08 +1000 (EST)
	(envelope-from andyf@speednet.com.au)
Received: from hewey.af.speednet.com.au (hewey.af.speednet.com.au
	[172.22.2.17])h42NW3g9067281;	Sat, 3 May 2003 09:32:06 +1000 (EST)
	(envelope-from andyf@speednet.com.au)
Date: Sat, 3 May 2003 09:32:03 +1000 (EST)
From: Andy Farkas <andyf@speednet.com.au>
X-X-Sender: andyf@hewey.af.speednet.com.au
To: Antoine Jacoutot <ajacoutot@lphp.org>
In-Reply-To: <200305021405.02663.ajacoutot@lphp.org>
Message-ID: <20030503092403.C67119-100000@hewey.af.speednet.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-questions@freebsd.org
Subject: Re: syslogd facility
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 May 2003 23:32:11 -0000

On Fri, 2 May 2003, Antoine Jacoutot wrote:

> I am trying to log the accesses to my webmail system.
> It works nice except that I get logs twice: ionce in /var/log/horde.log, which
> is OK and one in /var/log/messages which I don't want.
>
> My syslog.conf contains this lines:
>
> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> [...]
> !HORDE
> *.*	/var/log/horde.log
>
> So I though I wouls tweak the line concerning /var/log/messages, which I did:
> *.notice;kern.debug;lpr.info;mail.crit;news.err;HORDE.none /var/log/messages
>
> >From now, it does not log to /var/log/messages anymore, but when I kill -HUP
> syslogd, I get this message:
> syslogd: unknown facility name "HORDE"
>
> ... well, indeed, syslogd is right.
>
> So does anyone know how I could do what I want ?
> Meaning logging accesses to my webmail --> /var/log/horde.log only
>
> Thanks in advance?
>
> Antoine

I can suggest two things. 1/ run syslogd with -vv flags. This will show
what level/facility messages have. 2/ log everything to /var/log/all.log
by uncommenting the line in /etc/syslog.conf. Now you can tail -f and
watch what gets logged.

Also, read "man syslog.conf" very carefully.

Hope that helps.

--

 :{ andyf@speednet.com.au

        Andy Farkas
    System Administrator
   Speednet Communications
 http://www.speednet.com.au/