From: butlermd@tgn.net (Michael Butler)
To: security@FreeBSD.ORG
Subject: Syslog.conf setup...
Date: Thu, 03 Dec 1998 12:20:27 -0600
Organization: Texas GulfNet
Reply-To: butlermd@tgn.net
Message-ID: <366bd20f.60547965@mail.tgn.net>

Howdy,

Reading the man pages and poking at the www and experimenting leaves me still confused on *just how* I can configure my syslog to separate logs by function. They grow at different rates and I want to use newsyslog (no man page tho I have a newsyslog.cf in /etc) to manage them. I want to de-complicate my messages file.

Most often I watch my logs looking at either mail, ftp, popper, or whatever so I figger this way I can filter some of the noise... wish I could tail selected multiple files too...
grumble grumble

I see references to entries like this with the !program but don't see the difference from:

ftp.*                                   /var/log/ftpd

-- and

# Save ftpd transactions along with mail and news
!ftpd
*.*                                     /var/log/spoolerr

-- except for the log file name

From # man syslog.conf:

"...blocks of lines separated by program specifications, with each line containing two fields: the selector field which specifies the types of messages and priorities..."

....hmmmm looking again, there's a difference between *facility* and *program* and the names ftp vs ftpd are explained. Still... it ain't logging what I expect it to. Any ideas on a q&d look at my file would be appreciated.

-------------------
# cat /etc/syslog.conf
# level ordered list (higher to lower):
# emerg, alert, crit, err, warning, notice and debug
*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.warning;kern.debug;lpr,auth.info;mail.none    /var/log/messages
auth.*,authpriv.*                               /var/log/authlog
ftp.*                                           /var/log/ftpd
finger.*                                        /var/log/fingerd
mail.*,popper.none                              /var/log/maillog
popper.*                                        /var/log/popper
lpr.*                                           /var/log/lpd
cron.*                                          /var/log/cron
telnet.*                                        /var/log/telnet
*.emerg                                         *
#*.err                                          *
#*.alert                                        *
#*.notice;auth.debug                            *
#
# Entered 10/12/95
#
local6.debug                                    /home1/xyplex/local6.msg
!startslip
*.*                                             /var/log/slip.log
#+@+@+@+@+@++
# Save ftpd transactions along with mail and news
#!ftpd
#*.*                                            /var/log/spoolerr

TIA
____________________________________________________________
Michael Butler, Texas GulfNet,      | www.tgn.net
908 South Brooks, PO Box 2089       |
Brazoria, TX 77422-2089             | Voice 409-798-NETT
Part of the Pointecom International | FAX 409-798-6398
Network and the Global Internet     |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
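
Added example, not part of the original message: a small lint for the selector field of syslog.conf, run over a constructed sample of lines copied from the posted file, to show the facility versus program distinction the man page excerpt describes. It assumes the standard BSD facility and level names (the exact set depends on the release) and treats every `#` line as a comment; `lint`, `SAMPLE` and the message strings are names made up for this example.

```python
# Facility and level names from BSD syslog (assumed set; confirm against
# syslog.conf(5) on the release in use).
FACILITIES = {"auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "mark", "news", "security", "syslog", "user", "uucp", "*"}
FACILITIES |= {f"local{n}" for n in range(8)}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info",
          "debug", "none", "*"}

# Constructed sample: a few lines copied from the posted /etc/syslog.conf.
SAMPLE = """\
*.warning;kern.debug;lpr,auth.info;mail.none /var/log/messages
auth.*,authpriv.* /var/log/authlog
ftp.* /var/log/ftpd
finger.* /var/log/fingerd
mail.*,popper.none /var/log/maillog
!startslip
*.* /var/log/slip.log
"""

def lint(text):
    """Return (line_no, program_block, problem) tuples for suspect selectors."""
    findings, program = [], "*"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("!"):
            program = line[1:].strip()    # later rules apply to this program only
            continue
        for selector in line.split(None, 1)[0].split(";"):
            facs, dot, level = selector.rpartition(".")
            if not dot:
                findings.append((no, program, f"'{selector}' has no .level"))
                continue
            if level.lstrip("!<=>") not in LEVELS:
                findings.append((no, program, f"unknown level '{level}'"))
            for fac in facs.split(","):
                if "." in fac:
                    findings.append((no, program,
                        f"'{fac}': ',' lists facilities; join selectors with ';'"))
                elif fac not in FACILITIES:
                    findings.append((no, program,
                        f"'{fac}' is not a facility; match by program with a !prog block"))
    return findings

if __name__ == "__main__":
    for no, program, problem in lint(SAMPLE):
        print(f"line {no} [program {program}]: {problem}")
```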