From owner-freebsd-security@FreeBSD.ORG  Thu Jan 22 22:36:11 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EB37816A4CE
	for <freebsd-security@freebsd.org>;
	Thu, 22 Jan 2004 22:36:10 -0800 (PST)
Received: from mgr2.xmission.com (mgr2.xmission.com [198.60.22.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EB6C843D1D
	for <freebsd-security@freebsd.org>;
	Thu, 22 Jan 2004 22:36:08 -0800 (PST)
	(envelope-from glewis@eyesbeyond.com)
Received: from [198.60.22.208] (helo=mx2.xmission.com)
	by mgr2.xmission.com with esmtp (Exim 3.35 #1)
	id 1AjuvI-0005zl-02; Thu, 22 Jan 2004 23:36:08 -0700
Received: from [207.135.128.145] (helo=misty.eyesbeyond.com)
	by mx2.xmission.com with esmtp (Exim 4.22)
	id 1AjuvG-0003yW-SI; Thu, 22 Jan 2004 23:36:07 -0700
Received: from misty.eyesbeyond.com (localhost.eyesbeyond.com [127.0.0.1])
	i0N6a3N2054302;	Thu, 22 Jan 2004 23:36:04 -0700 (MST)
	(envelope-from glewis@eyesbeyond.com)
Received: (from glewis@localhost)
	by misty.eyesbeyond.com (8.12.10/8.12.10/Submit) id i0N6a12w054301;
	Thu, 22 Jan 2004 23:36:01 -0700 (MST)
	(envelope-from glewis@eyesbeyond.com)
X-Authentication-Warning: misty.eyesbeyond.com: glewis set sender to
	glewis@eyesbeyond.com using -f
Date: Thu, 22 Jan 2004 23:36:01 -0700
From: Greg Lewis <glewis@eyesbeyond.com>
To: Karyn Williams <karyn@calarts.edu>
Message-ID: <20040123063601.GA54262@misty.eyesbeyond.com>
References: <3.0.1.32.20040122140044.024783ac@muse.calarts.edu>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <3.0.1.32.20040122140044.024783ac@muse.calarts.edu>
User-Agent: Mutt/1.4.1i
Content-Type: text/plain; charset=us-ascii
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
	mx2.xmission.com
X-Spam-Level: 
X-Spam-Status: No, hits=-4.9 required=8.0 tests=BAYES_00 autolearn=no 
	version=2.61
X-SA-Exim-Mail-From: glewis@eyesbeyond.com
X-SA-Exim-Version: 3.1 (built Wed Aug 20 09:38:54 PDT 2003)
X-SA-Exim-Scanned: Yes
cc: freebsd-security@freebsd.org
Subject: Re: log messages to a specific file
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jan 2004 06:36:11 -0000

On Thu, Jan 22, 2004 at 02:00:44PM -0800, Karyn Williams wrote:
> I am trying to configure syslog.conf to send messages from one of my hosts
> to a select file for that host. The host is currently sending messages to
> the syslog server and they are being logged but I would like to have all
> the messages from this host go to a separate file. FreeBSD 4.9-RELEASE
> 
> # $FreeBSD: src/etc/syslog.conf,v 1.13.2.4 2003/05/12 13:59:23 yar Exp $
> #
> #      Spaces ARE valid field separators in this file. However,
> #      other *nix-like systems still insist on using tabs as field
> #      separators. If you are sharing this file between systems, you
> #      may want to use only tabs as field separators here.
> #      Consult the syslog.conf(5) manpage.
> *.err;kern.debug;auth.notice;mail.crit          /dev/console
> *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
> /var/log/messages
> +caioa.calarts.edu*.*                           /var/log/caioa.log
>      <------- this is the line I need help with

Looking at the syslog.conf man page, I would guess you need to put
two lines like this at the end of your file:

+caioa.calarts.edu
*.*						/var/log/caioa.log

If those two lines aren't at the end then you need to reset the hostname
specification with a 

+*

line immediately following those two lines.  Note this is all just
looking at the man page, I haven't tried it :).

> security.*                                      /var/log/security
> auth.info;authpriv.info                         /var/log/auth.log
> mail.info                                       /var/log/maillog
> lpr.info                                        /var/log/lpd-errs
> cron.*                                  /var/log/cron
> *.emerg                                         *
> # uncomment this to log all writes to /dev/console to /var/log/console.log
> #console.info                                   /var/log/console.log
> # uncomment this to enable logging of all log messages to /var/log/all.log
> # touch /var/log/all.log and chmod it to mode 600 before it will work
> *.*                                     /var/log/all.log
> # uncomment this to enable logging to a remote loghost named loghost
> #*.*                                    @loghost
> 
> The file /var/log/caioa.log exists and is 600. I got the syntax off a web
> page, but it is not working for me and I don't see anything in the man page
> that expalins how to do it. 

Look at the paragraph which starts "A program specification is a line...".
Further on in that paragraph it mentions hostname specifications.  It would
probably be worthwhile putting a host example in the EXAMPLES section too.

-- 
Greg Lewis                          Email   : glewis@eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis@FreeBSD.org