Hello all,

I am trying to have different cisco routers log to a different log file. The log file is located on a 6.2 box running the stock syslogd. For what it is worth I have nine of these, only three are shown

syslogd is running with -n -vv -d at the moment.. I did not have to specify -a* to allow it to log.. (is that part of the problem..?)

But the question is.. I do get logs from the respective hosts in the log files that I have specified, but I do not understand why syslogd is also catching them in the original local7.* /var/log/router/3620.log when as far as I can tell they are setup correctly.

below is the relevant portions of the syslog.conf.

 [~]# 18 > egrep -v "#" /etc/syslog.conf  | cat -n
     2  +
     3  *.*                             /var/log/router/circle.log
     4  -
     6  +
     7  *.*                             /var/log/router/columbus.log
     8  -
    10  +
    11  *.*                             /var/log/router/clinton.log
    12  -
    14  +
    15  *.*                            /var/log/router/tcentral.log
    16  -
    18  *.err;kern.warning;auth.notice;mail.crit     /dev/console
19 *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
    20  security.*                          /var/log/security
    21  auth.info;authpriv.info             /var/log/auth.log
    22  mail.info                          /var/log/maillog
    23  lpr.info                               /var/log/lpd-errs
    24  ftp.info                                 /var/log/xferlog
    25  local7.*                                /var/log/router/3620.log
    26  cron.*                                   /var/log/cron
    27  *.=debug                                /var/log/debug.log
    28  *.emerg                                         *
    29  !startslip
    30  *.*                                    /var/log/slip.log
    31  !ppp
    32  *.*                                     /var/log/ppp.log

and with syslogd in debug mode I see this:

and tcvthname(
logmsg: pri 276, flags 0, from, msg 1262: Jun 14 18:13:04.770: %SEC-6-IPACCESSLOGP: list 2044 denied udp ->, 1 packet
Logging to FILE /var/log/router/clinton.log
Logging to FILE /var/log/router/3620.log

logmsg: pri 276, flags 0, from, msg 68: Jun 14 18:13:04.835: %SEC-6-IPACCESSLOGP: list 2044 denied udp ->, 4 packets
Logging to FILE /var/log/router/columbus.log
Logging to FILE /var/log/router/3620.log

I do not understand why the local7.* is still getting caught.. From what I understood from the man page, the - tells it to stop logging from that host.

Whatever the last 'host' entry is in the syslog.conf that host will not log into both files.

from the host I have configured syslog:

local7.*  @
and when I run logger:

date | logger -p local7.debug

logmsg: pri 277, flags 0, from, msg Jun 14 14:21:03 bcook: Thu Jun 14 14:21:03 EDT 2007
Logging to FILE /var/log/router/tcentral.log

I get what I think I should..

Why do the previous entries not act the same as the last one?

What am I missing?

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to