syslog.conf questions..

Thu, 14 Jun 2007 11:25:39 -0700 

Hello all,
I am trying to have different cisco routers log to a different log file. The log file is located on a 6.2 box running the stock syslogd. For what it is worth I have nine of these, only three are shown 


syslogd is running with -n -vv -d at the moment.. I did not have to 
specify -a 10.20.250.54:* to allow it to log.. (is that part of the 
problem..?)



But the question is.. I do get logs from the respective hosts in the log 
files that I have specified, but I do not understand why syslogd is also 
catching them in the original local7.* /var/log/router/3620.log when as 
far as I can tell they are setup correctly.


below is the relevant portions of the syslog.conf.

 [~]# 18 > egrep -v "#" /etc/syslog.conf  | cat -n
     1
     2  +10.20.250.54
     3  *.*                             /var/log/router/circle.log
     4  -10.20.250.54
     5
     6  +10.20.250.42
     7  *.*                             /var/log/router/columbus.log
     8  -10.20.250.42
     9
    10  +10.20.250.38
    11  *.*                             /var/log/router/clinton.log
    12  -10.20.250.38
    13
    14  +10.20.0.10
    15  *.*                            /var/log/router/tcentral.log
    16  -10.20.0.10
    17
    18  *.err;kern.warning;auth.notice;mail.crit     /dev/console

    19  *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err 
 /var/log/messages

    20  security.*                          /var/log/security
    21  auth.info;authpriv.info             /var/log/auth.log
    22  mail.info                          /var/log/maillog
    23  lpr.info                               /var/log/lpd-errs
    24  ftp.info                                 /var/log/xferlog
    25  local7.*                                /var/log/router/3620.log
    26  cron.*                                   /var/log/cron
    27  *.=debug                                /var/log/debug.log
    28  *.emerg                                         *
    29  !startslip
    30  *.*                                    /var/log/slip.log
    31  !ppp
    32  *.*                                     /var/log/ppp.log



and with syslogd in debug mode I see this:

and tcvthname(10.20.250.38)

logmsg: pri 276, flags 0, from 10.20.250.38, msg 1262: Jun 14 
18:13:04.770: %SEC-6-IPACCESSLOGP: list 2044 denied udp 
10.20.18.28(1039) -> 10.20.0.212(161), 1 packet

Logging to FILE /var/log/router/clinton.log
Logging to FILE /var/log/router/3620.log

cvthname(10.20.250.42)

logmsg: pri 276, flags 0, from 10.20.250.42, msg 68: Jun 14 
18:13:04.835: %SEC-6-IPACCESSLOGP: list 2044 denied udp 10.20.8.57(1040) 
-> 10.20.3.60(161), 4 packets

Logging to FILE /var/log/router/columbus.log
Logging to FILE /var/log/router/3620.log


I do not understand why the local7.* is still getting caught.. From what 
I understood from the man page, the - tells it to stop logging from that 
host.



Whatever the last 'host' entry is in the syslog.conf that host will not 
log into both files.


from the 10.20.0.10 host I have configured syslog:

local7.*  @10.20.0.29
and when I run logger:

date | logger -p local7.debug

cvthname(10.20.0.10)

logmsg: pri 277, flags 0, from 10.20.0.10, msg Jun 14 14:21:03 bcook: 
Thu Jun 14 14:21:03 EDT 2007

Logging to FILE /var/log/router/tcentral.log

I get what I think I should..

Why do the previous entries not act the same as the last one?

What am I missing?

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






















					Reply via email to