Date: Thu, 14 Jun 2007 14:25:00 -0400
From: "B. Cook" <bcook@poughkeepsieschools.org>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: syslog.conf questions..
Message-ID: <467187FC.30104@poughkeepsieschools.org>

Hello all,

I am trying to have different Cisco routers log to a different log file. The log file is located on a 6.2 box running the stock syslogd.

For what it is worth, I have nine of these; only three are shown. syslogd is running with -n -vv -d at the moment.. I did not have to specify -a 10.20.250.54:* to allow it to log.. (is that part of the problem..?)

But the question is.. I do get logs from the respective hosts in the log files that I have specified, but I do not understand why syslogd is also catching them in the original local7.* /var/log/router/3620.log when as far as I can tell they are set up correctly.

Below are the relevant portions of the syslog.conf.

    [~]# 18 > egrep -v "#" /etc/syslog.conf | cat -n
         1
         2  +10.20.250.54
         3  *.*                                             /var/log/router/circle.log
         4  -10.20.250.54
         5
         6  +10.20.250.42
         7  *.*                                             /var/log/router/columbus.log
         8  -10.20.250.42
         9
        10  +10.20.250.38
        11  *.*                                             /var/log/router/clinton.log
        12  -10.20.250.38
        13
        14  +10.20.0.10
        15  *.*                                             /var/log/router/tcentral.log
        16  -10.20.0.10
        17
        18  *.err;kern.warning;auth.notice;mail.crit        /dev/console
        19  *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
        20  security.*                                      /var/log/security
        21  auth.info;authpriv.info                         /var/log/auth.log
        22  mail.info                                       /var/log/maillog
        23  lpr.info                                        /var/log/lpd-errs
        24  ftp.info                                        /var/log/xferlog
        25  local7.*                                        /var/log/router/3620.log
        26  cron.*                                          /var/log/cron
        27  *.=debug                                        /var/log/debug.log
        28  *.emerg                                         *
        29  !startslip
        30  *.*                                             /var/log/slip.log
        31  !ppp
        32  *.*                                             /var/log/ppp.log

and with syslogd in debug mode I see this:

    and tcvthname(10.20.250.38)
    logmsg: pri 276, flags 0, from 10.20.250.38, msg 1262: Jun 14 18:13:04.770: %SEC-6-IPACCESSLOGP: list 2044 denied udp 10.20.18.28(1039) -> 10.20.0.212(161), 1 packet
    Logging to FILE /var/log/router/clinton.log
    Logging to FILE /var/log/router/3620.log
    cvthname(10.20.250.42)
    logmsg: pri 276, flags 0, from 10.20.250.42, msg 68: Jun 14 18:13:04.835: %SEC-6-IPACCESSLOGP: list 2044 denied udp 10.20.8.57(1040) -> 10.20.3.60(161), 4 packets
    Logging to FILE /var/log/router/columbus.log
    Logging to FILE /var/log/router/3620.log

I do not understand why the local7.* is still getting caught.. From what I understood from the man page, the - tells it to stop logging from that host.

Whatever the last 'host' entry is in the syslog.conf, that host will not log into both files.

From the 10.20.0.10 host I have configured syslog:

    local7.*                                        @10.20.0.29

and when I run logger:

    date | logger -p local7.debug

    cvthname(10.20.0.10)
    logmsg: pri 277, flags 0, from 10.20.0.10, msg Jun 14 14:21:03 bcook: Thu Jun 14 14:21:03 EDT 2007
    Logging to FILE /var/log/router/tcentral.log

I get what I think I should..

Why do the previous entries not act the same as the last one? What am I missing?
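
The routing seen in the debug output above can be reproduced with a small model of syslog.conf host blocks. This is an added example, not part of the original message. It assumes the syslog.conf(5) semantics that a "+host" line applies the following rules to that host, a "-host" line applies them to every host except that one, and each new specification replaces the previous one; the function names and the abridged config are constructed for illustration.

```python
# Abridged from the syslog.conf in the message above (blank lines dropped).
CONF = """\
+10.20.250.54
*.*       /var/log/router/circle.log
-10.20.250.54
+10.20.250.42
*.*       /var/log/router/columbus.log
-10.20.250.42
+10.20.250.38
*.*       /var/log/router/clinton.log
-10.20.250.38
+10.20.0.10
*.*       /var/log/router/tcentral.log
-10.20.0.10
local7.*  /var/log/router/3620.log
cron.*    /var/log/cron
"""

def parse(conf):
    """Return [(host_spec, selector, action)] for every rule line."""
    rules, host = [], "+*"            # before any spec, rules apply to all hosts
    for line in conf.splitlines():
        line = line.strip()
        if not line:
            continue
        if line[0] in "+-":
            host = line               # assumption: latest spec replaces the previous one
            continue
        selector, action = line.split(None, 1)
        rules.append((host, selector, action))
    return rules

def host_matches(spec, sender):
    if spec == "+*":
        return True
    same = spec[1:] == sender
    return same if spec[0] == "+" else not same   # "-host": any host BUT this one

def destinations(rules, sender, facility):
    """Files a message is written to; only 'facility.*' selectors are modelled."""
    return [action for spec, selector, action in rules
            if host_matches(spec, sender)
            and selector.split(".")[0] in ("*", facility)]

def effective_spec(rules, action):
    """Host specification in force for the rule that writes to `action`."""
    return next(spec for spec, _, act in rules if act == action)
```

In this model the local7.* rule sits in the block opened by "-10.20.0.10", so every sender except 10.20.0.10 reaches 3620.log, which is the pattern the debug output shows.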