The syslog.conf rules that you say that you use on your website don't seem to match your active files.
For example, it looks like you have a rule:

*.TRMD*.*.*   /var/log/%Y/%m/%d/trmd

I'm not certain, but by my reading of the Comm Server IP Configuration Guide this will be a problem: what will cause syslogd to roll over to the next file at midnight?

I would recommend using the "-N" option at the end of the rule along with the Global archive settings to automatically handle opening a new log and archiving the old data. You can even archive to data sets or GDGs if you want. Alternatively, "-X" just truncates the log after a configurable time. But you should have one or the other to prevent the files from growing without bound.

Just my preference, but I would name the files "something.log".

Kirk Wolf
Dovetailed Technologies
https://coztoolkit.com

On Tue, Jul 25, 2023, at 9:03 AM, Tom Longfellow wrote:
> I think I am on the right track now.
> On a personal note, I have always had difficulty working with 'Reverse'
> logic, like my Reverse Polish Notation (RPN) calculator in my ancient College
> past.
>
> I had tried the use of the '!' in the directives to no advantage several
> times over the years.
>
> It turns out that the core of my problem was my interpretation of a few
> 'quirks' in syslog defining.
> Selection criteria is in four parts - source.task.component.facility ----
> leaving out a part changes the meaning of all the remaining parts.
> Evaluation is from right to left (another Reverse for me to deal with)
> Selections can be concatenated and trigger when all the components are True.
> Any False test kills the evaluation of that rule.
>
> This leaves you with the situation where you must define a test where the
> 'truth' of the test 'excludes' the message.
> In the past, I was trying '!Condition' mixed with 'This one' conditions.
> Unsuccessfully.
>
> Thanks to this web page
> https://colinpaice.blog/2022/05/30/setting-up-syslogd-on-z-os/ I now think I
> have it right.
> Turns out there is a 'facility' called 'none' that can be viewed as 'not any
> of the other ones'.
>
> Right now, my config file has the following and things are looking better.
> (BTW: the z/OS CS Syslogd Browser is VERY useful)
>
> Rule/Active UNIX file name
> ---=---=---=---=---=---=---=----
> *.TRMD*.*.*
> /var/log/2023/07/25/trmd
> - - - - - - - - - - - - - - - - - - -
> *.IKED*.*.*
> /var/log/2023/07/25/iked
> - - - - - - - - - - - - - - - - - - -
> *.debug
> /var/log/2023/07/25/debug
> - - - - - - - - - - - - - - - - - - -
> *.err
> /var/log/2023/07/25/errors
> - - - - - - - - - - - - - - - - - - -
> *.info;*.TRMD*.*.none;*.IKED*.*.none
> /var/log/2023/07/25/log
> - - - - - - - - - - - - - - - - - - -
> (170.99.3.0/24).*.*
> /var/log/2023/07/25/log-others
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN