From owner-freebsd-hackers  Sun Jun  4 01:24:34 1995
Return-Path: hackers-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id BAA02871
          for hackers-outgoing; Sun, 4 Jun 1995 01:24:34 -0700
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id BAA02853
          for <freebsd-hackers@FreeBSD.ORG>; Sun, 4 Jun 1995 01:24:25 -0700
Received: from sax.sax.de by irz301.inf.tu-dresden.de with SMTP
	(5.67b+/DEC-Ultrix/4.3) id AA21595; Sun, 4 Jun 1995 10:24:22 +0200
Received: by sax.sax.de (8.6.12/8.6.12-s1) with UUCP
	id KAA28864; Sun, 4 Jun 1995 10:24:21 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.6.11/8.6.9) id JAA26314; Sun, 4 Jun 1995 09:10:56 +0200
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199506040710.JAA26314@uriah.heep.sax.de>
Subject: Re: Debug messages
To: temp@temptation.interlog.com (Temptation)
Date: Sun, 4 Jun 1995 09:10:55 +0200 (MET DST)
Cc: freebsd-hackers@FreeBSD.ORG
In-Reply-To: <Pine.3.89.9506040212.A18580-0100000@temptation.interlog.com> from "Temptation" at Jun 4, 95 02:28:01 am
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
X-Phone: +49-351-2012 669
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 1215      
Sender: hackers-owner@FreeBSD.ORG
Precedence: bulk

As Temptation wrote:
> 
> 
> Call me stupid, but how the hell do I turn these messages off???
> I've already done  the install, and now I'm getting messages like
> 
> Jun 4 02:24:24 main login: ROOT LOGIN (root) on ttyyv1
> Jun 4 02:24:24 main login: ROOT LOGIN (root) on ttyyv1
> Jun 4 02:24:24 main login: login  on ttyyv1 as root
> Jun 4 02:25:40 main login: login  on ttyyv2 as temp
> once is bad enough, but to tell you 3 times the same thing is a bit over 
> kill no???

To avoid the login log for each normal user, rebuild your login
program with the -DLOGALL unset in the Makefile.

The remainder is a question of how you're configuring syslog.  The
appropriate line from syslogd.conf is:

*.notice;kern.debug;lpr,auth.info;mail.crit     /var/log/messages

You've got the first one twice, since it matches either *.notice and
auth.info (it's done at auth.notice level).

Lines 3 and 4 are the LOGALL messages, and are done at auth.info level
only.  I'm personally gathering them into a different file, and scan
them every night for security-relevant information.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)