Date: Thu, 22 Jan 2004 23:36:01 -0700
From: Greg Lewis
To: Karyn Williams
cc: freebsd-security@freebsd.org
Subject: Re: log messages to a specific file
Message-ID: <20040123063601.GA54262@misty.eyesbeyond.com>
In-Reply-To: <3.0.1.32.20040122140044.024783ac@muse.calarts.edu>

On Thu, Jan 22, 2004 at 02:00:44PM -0800, Karyn Williams wrote:
> I am trying to configure syslog.conf to send messages from one of my hosts
> to a select file for that host. The host is currently sending messages to
> the syslog server and they are being logged but I would like to have all
> the messages from this host go to a separate file. FreeBSD 4.9-RELEASE
>
> # $FreeBSD: src/etc/syslog.conf,v 1.13.2.4 2003/05/12 13:59:23 yar Exp $
> #
> #       Spaces ARE valid field separators in this file. However,
> #       other *nix-like systems still insist on using tabs as field
> #       separators. If you are sharing this file between systems, you
> #       may want to use only tabs as field separators here.
> #       Consult the syslog.conf(5) manpage.
> *.err;kern.debug;auth.notice;mail.crit         /dev/console
> *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
> /var/log/messages
> +caioa.calarts.edu*.*                          /var/log/caioa.log
> <------- this is the line I need help with

Looking at the syslog.conf man page, I would guess you need to put two
lines like this at the end of your file:

+caioa.calarts.edu
*.*                                            /var/log/caioa.log

If those two lines aren't at the end then you need to reset the hostname
specification with a +* line immediately following those two lines.

Note this is all just looking at the man page, I haven't tried it :).

> security.*                                     /var/log/security
> auth.info;authpriv.info                        /var/log/auth.log
> mail.info                                      /var/log/maillog
> lpr.info                                       /var/log/lpd-errs
> cron.*                                         /var/log/cron
> *.emerg                                        *
> # uncomment this to log all writes to /dev/console to /var/log/console.log
> #console.info                                  /var/log/console.log
> # uncomment this to enable logging of all log messages to /var/log/all.log
> # touch /var/log/all.log and chmod it to mode 600 before it will work
> *.*                                            /var/log/all.log
> # uncomment this to enable logging to a remote loghost named loghost
> #*.*                                           @loghost
>
> The file /var/log/caioa.log exists and is 600. I got the syntax off a web
> page, but it is not working for me and I don't see anything in the man page
> that explains how to do it.

Look at the paragraph which starts "A program specification is a line...".
Further on in that paragraph it mentions hostname specifications. It would
probably be worthwhile putting a host example in the EXAMPLES section too.

-- 
Greg Lewis                          Email   : glewis@eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis@FreeBSD.org
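
The hostname-block scoping discussed in the reply above, modelled as an added Python sketch (not part of the original message and not syslogd's own code). It shows which log files remain in scope for each sending host with and without the `+*` reset. Assumptions: hostnames are compared exactly, selectors are treated as opaque, program (`!prog`) specifications are skipped, and the names `parse`, `actions_for` and the host `loghost.example` are hypothetical.

```python
import re

# Constructed sample: the host block placed mid-file with no "+*" reset.
NO_RESET = """\
*.notice;authpriv.none  /var/log/messages
+caioa.calarts.edu
*.*                     /var/log/caioa.log
security.*              /var/log/security
auth.info;authpriv.info /var/log/auth.log
"""
# Same rules with the reset line the reply recommends after the host block.
WITH_RESET = NO_RESET.replace("security.*", "+*\nsecurity.*", 1)

def parse(conf):
    """Return [(host_spec, selector, action)]; host_spec is '*', '+name' or '-name'."""
    rules, scope = [], "*"
    for raw in conf.splitlines():
        line = raw.strip()
        # '#+host' and '#-host' are hostname specifications, not comments.
        if re.match(r"#[+-]", line):
            line = line[1:]
        if not line or line.startswith("#"):
            continue
        if line[0] in "+-":
            name = line[1:].strip().lower()
            # '+*' resets the scope so later blocks apply to every host again.
            scope = "*" if name == "*" else line[0] + name
            continue
        if line.startswith("!"):
            continue  # program specifications are outside this sketch
        fields = line.split(None, 1)
        if len(fields) == 2:
            rules.append((scope, fields[0], fields[1].strip()))
    return rules

def actions_for(conf, host):
    """Actions whose block is in scope for messages received from `host`."""
    host = host.lower()
    out = []
    for scope, _selector, action in parse(conf):
        if (scope == "*"
                or (scope[0] == "+" and scope[1:] == host)
                or (scope[0] == "-" and scope[1:] != host)):
            out.append(action)
    return out
```

Against the no-reset sample, any host other than caioa is left with only /var/log/messages in scope, so the security and auth rules silently stop applying to it; with the `+*` line they apply to every host again.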