RE: FreeBSD 4.7 Syslogs
Well, I guess we'll have to chalk this one up to forces of nature. I replaced the old syslog.conf with:

# $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
#
# Spaces are NOT valid field separators in this file.
# Consult the syslog.conf(5) manpage.

# Purchasing database syslog
local7.notice	/var/log/purchasing

# Postgres syslog
local0.*	/var/log/postgres

local2.*	/var/log/qmail/smtpd.log
local3.*	/var/log/qmail/send
local4.*	/var/log/qmail/masterlog

*.err;kern.debug;mail.crit	/dev/console
*.notice;kern.debug;lpr.info;mail.crit	/var/log/messages
authpriv.*	/var/log/authpriv
security.*	/var/log/security
mail.info	/var/log/maillog
lpr.info	/var/log/lpd-errs
cron.*	/var/log/cron
*.emerg	*
# uncomment this to log all writes to /dev/console to /var/log/console.log
console.info	/var/log/console.log

...and lo and behold the logs started working. As you said, it doesn't seem like it should have made a difference...but something changed. I still can't explain why it broke in the first place, but what's most important is that it started working again.

Your explanation was extremely helpful, and I'm very appreciative. It's very admirable that you give of your time to help out complete strangers. If you have a PayPal account, I wouldn't mind sending over a little token of my appreciation.

Thanks again,
Matt

-Original Message-
From: JJB [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 15, 2004 10:42 PM
To: Matt "Cyber Dog" LaPlante
Subject: RE: FreeBSD 4.7 Syslogs

Matt.

You did not reboot system before you captured the requested data, but that is ok. I will write this reply in a teaching manner, so don't think I am talking down to you.

The command ps ax displays all the tasks running on your system.

843 p0- S 0:00.03 syslogd -d
847 p0- I 0:00.03 syslogd -d
1214 p0- I 0:00.03 syslogd -dv

From your posted data for ps ax display, the above says you have 3 tasks running syslogd in debug mode.

A reboot will get rid of this, or you can kill the tasks by using the task number, i.e. 843 for example. Enter on the command line killall 843 to kill that task, then do ps ax to see that it's gone, then do the same for the other 2 numbers, 847 & 1214.

***

Now let's cover how syslogs are defined and the control of auto rotate. This is very poorly described in man syslog and man newsyslog. The command man is the command for display to console the manual. So man newsyslog would display to the console screen the manual documentation for the newsyslog command. Be forewarned the man documentation is very poorly written and conveys very little useful info.

I will focus on the messages log file as an example to explain what is happening, but the same process applies to all log files defined in /etc/syslog.conf.

In FBSD all messages to syslog use 2 elements to define the message, the facility and message level. In syslog.conf the left side on the line is the facility.level. The level describes the severity of the message, and is a keyword from the following ordered list (higher to lower): emerg, alert, crit, err, warning, notice, info and debug. Coding *.notice means all messages emerg through notice.

With that info, looking at your syslog.conf it is obvious there are coding problems with some of the files, but nothing that would cause a log file not to work. As general rule messages file is reserved for FBSD system messages not application messages which have their own log files. Local0 and local7 should not be going to messages file as they have their own log files.

!local0.*;!local7.*;*.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages

this should be re-written as

*.notice;kern.debug;lpr.info;mail.crit	/var/log/messages

!local0.*;*.err;kern.debug;auth.notice;mail.crit	/dev/console
!local0.*;*.notice;news.err	/dev/console
!local0.*;*.alert	/dev/console

This is a real mess, should be re-written as

*.err;kern.debug;mail.crit	/dev/console

I did not see a news group server enabled in rc.conf so news.err is not necessary. You will only see these console messages when you are logged in as root, they are not saved in between logins.

This

local7.crit;local7.err;local7.notice	/var/log/purchasing

should be this

local7.notice	/var/log/purchasing

as all the higher messa
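
syslog.conf(5) treats a line that begins with `!` as a program specification rather than a rule, which is consistent with the `(local0)` tags that `syslogd -d` printed for this machine elsewhere in the thread. The parser below is an added example, not code from any poster: it loads an excerpt of the old and the rewritten file and reports where a `logger` test message would land. Both excerpts are constructed from lines quoted in the thread (their order is assumed), and `parse_conf`, `selector_matches`, `route` and `scoped_rules` are hypothetical helper names.

```python
import re

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed excerpts; lines taken from the thread, order assumed.
OLD_CONF = """\
local7.crit;local7.err;local7.notice\t/var/log/purchasing
local0.*\t/var/log/postgres
!local0.*;!local7.*;*.notice;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages
security.*\t/var/log/security
lpr.info\t/var/log/lpd-errs
"""
NEW_CONF = """\
local7.notice\t/var/log/purchasing
local0.*\t/var/log/postgres
*.notice;kern.debug;lpr.info;mail.crit\t/var/log/messages
security.*\t/var/log/security
lpr.info\t/var/log/lpd-errs
"""


def parse_conf(text):
    """Return rules as (program, selector, action) tuples.

    Per syslog.conf(5), a line starting with '!prog' or '#!prog' is a program
    specification, not a rule: every rule after it applies only to messages
    from that program, until the next '!' line ('!*' resets it).
    """
    rules, program = [], "*"
    for raw in text.splitlines():
        line = raw.strip()
        spec = line[1:] if line.startswith("#!") else line
        if spec.startswith("!"):
            # Assumption: the name ends at the first non-alphanumeric
            # character, which reproduces the "local0" tag seen in the thread.
            m = re.match(r"[A-Za-z0-9]+", spec[1:].lstrip())
            program = m.group(0) if m else "*"
            continue
        fields = line.split(None, 1)
        if line.startswith("#") or len(fields) != 2:
            continue  # comment, blank line, or line without an action field
        rules.append((program, fields[0], fields[1]))
    return rules


def selector_matches(selector, facility, level):
    """True if facility.level passes a field such as '*.notice;mail.crit'.

    Handles plain levels, '*' and 'none'. The comparison flags (=, <, >, !)
    described in syslog.conf(5) are left out of this sketch.
    """
    threshold = None  # least severe level index accepted for this facility
    for part in selector.split(";"):
        facs, _, lvl = part.rpartition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        # A later part overrides an earlier one for the same facility.
        if lvl == "none":
            threshold = None
        elif lvl == "*":
            threshold = len(LEVELS) - 1
        elif lvl in LEVELS:
            threshold = LEVELS.index(lvl)
    return threshold is not None and LEVELS.index(level) <= threshold


def route(rules, facility, level, program):
    """Actions (files, devices) that would receive this message."""
    return [action for prog, sel, action in rules
            if prog in ("*", program) and selector_matches(sel, facility, level)]


def scoped_rules(rules):
    """Rules that only fire for one named program."""
    return [(prog, action) for prog, _, action in rules if prog != "*"]


if __name__ == "__main__":
    for name, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        rules = parse_conf(conf)
        print(name, "program-scoped rules:", scoped_rules(rules))
        print(name, "lpr.err from logger ->", route(rules, "lpr", "err", "jjb"))
```

With the old excerpt the `/var/log/messages` rule is never loaded and the rules after it match only a program called `local0`, so the test message has no destination; with the rewritten excerpt it reaches both `/var/log/messages` and `/var/log/lpd-errs`.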
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "JJB" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, May 16, 2004 9:37 AM
Subject: RE: FreeBSD 4.7 Syslogs

> Thanks for the additional info.
>
> I tested using this logger -p lpr.err "test test"
> There is no error message about logger not working.
>
> And I get nothing in the /var/log/lpr-errs log file.
>
> syslogd -d shows nothing happening.
>
> I am running 4.9. virgin install so all the config files are there.
>
> This is so simple that the only conclusion is that it's broken in
> 4.x versions.
>
> Can any one verify that it's working in 4.x versions.
>
> Any ideas of suggestions of how to proceed to get the logger command
> working?
>
> -Original Message-
> From: Micheal Patterson [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 16, 2004 5:04 AM
> To: Matt "Cyber Dog" LaPlante; 'Matthew Seaman';
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: FreeBSD 4.7 Syslogs
>

Yes, I can verify that it's working in FreeBSD 4.7, 4.9 and 4.10 RC2

FreeBSD tsgrtr.tsgincorporated.com 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Sat Apr 12 15:42:55 CDT 2003 [EMAIL PROTECTED]:/usr/src/sys/compile/LANDMARK i386

Logging to CONSOLE /dev/console
Logging to FILE /var/log/messages
Logging to FILE /var/log/lpd-errs
Logging to FILE /var/log/all.log
logmsg: pri 166, flags 17, from tsgrtr, msg May 16 14:38:58 tsgrtr micheal: test test

FreeBSD router.rcservers.com 4.9-STABLE FreeBSD 4.9-STABLE #3: Sun Mar 28 20:16:07 CST 2004 [EMAIL PROTECTED]:/usr/src/sys/compile/ROUTER i386

Logging to CONSOLE /dev/console
Logging to FILE /var/log/messages
Logging to FILE /var/log/lpd-errs
logmsg: pri 166, flags 17, from router, msg May 16 14:37:32 router micheal: test test

---

FreeBSD fmswfw.firstmedok.com 4.10-RC2 FreeBSD 4.10-RC2 #1: Thu May 13 15:54:10 CDT 2004 root@:/usr/src/sys/compile/FMFW3 i386

Logging to CONSOLE /dev/console
Logging to FILE /var/log/messages
Logging to FILE /var/log/lpd-errs
logmsg: pri 166, flags 17, from fmswfw, msg May 16 14:43:22 fmswfw micheal: test test

I start syslogd with -s -c -c normally and -s -c -c -d while I was debugging so I don't get the "message repeated x number of times" entries in my logs as I have a need to see each entry in the logs.

--
Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
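
The `pri` value in a `syslogd -d` `logmsg:` line is printed in octal, and each row of the table that debug mode prints after reading the configuration has one column per facility code. The decoder below is an added example, not code from the thread; the sample lines are copied from output posted in this thread, the facility numbering assumes FreeBSD's `<sys/syslog.h>`, and `decode_logmsg` and `decode_table_row` are hypothetical helper names.

```python
import re

# Facility codes as numbered in FreeBSD's <sys/syslog.h>; 15 is unassigned.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "unassigned15"] + ["local%d" % n for n in range(8)]
# Index 8 appears in the table for a 'facility.*' selector (every level).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info",
          "debug", "*"]

# Lines copied from the syslogd -d output posted in the thread.
SAMPLE_LOGMSG = [
    "logmsg: pri 155, flags 0, from router, msg May 16 04:01:04 micheal: "
    "This is a test of security.notice",
    "logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use",
    "logmsg: pri 166, flags 17, from tsgrtr, msg May 16 14:38:58 tsgrtr "
    "micheal: test test",
]
SAMPLE_ROWS = [
    "X X X X X X X X X X X X X X X X X X X X X X X 5 X FILE: /var/log/purchasing",
    "X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog (local0)",
    "X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security (local0)",
    "0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: (local0)",
]


def decode_logmsg(line):
    """Turn 'logmsg: pri NNN, ...' into facility and level names."""
    m = re.search(
        r"logmsg: pri ([0-7]+), flags ([0-9a-f]+), from ([^,]*), msg (.*)", line)
    if not m:
        return None
    pri = int(m.group(1), 8)          # octal: 155 is 109 decimal
    fac, lvl = pri >> 3, pri & 7      # pri = facility * 8 + level
    if fac >= len(FACILITIES):
        return None
    return {"facility": FACILITIES[fac], "level": LEVELS[lvl],
            "host": m.group(3), "msg": m.group(4)}


def decode_table_row(line):
    """Decode one row of the per-rule table printed after the config is read.

    Each column is a facility code; 'X' means the rule ignores that facility,
    a digit is the least severe level accepted. The 25th column is syslogd's
    internal mark slot and is skipped. A trailing '(name)' is the program the
    rule is restricted to.
    """
    m = re.match(r"((?:(?:X|\d) )+)([A-Z]+): ?([^\s(]*)(?: ?\((\S+)\))?",
                 line.strip())
    if not m:
        return None
    cols = m.group(1).split()[:len(FACILITIES)]
    selected = {FACILITIES[i]: LEVELS[int(c)]
                for i, c in enumerate(cols) if c != "X"}
    return {"type": m.group(2), "target": m.group(3),
            "program": m.group(4) or "*", "selected": selected}


if __name__ == "__main__":
    for line in SAMPLE_LOGMSG:
        d = decode_logmsg(line)
        print("%s.%s from %r" % (d["facility"], d["level"], d["host"]))
    for row in SAMPLE_ROWS:
        print(decode_table_row(row))
```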
RE: FreeBSD 4.7 Syslogs
Replying to my own post.

I had tried kill -HUP xxx where xxx was the pid number of syslog task
And still logger did not work

When a task is HUPed does that change the task number?
Or is the task just signaled to re-init itself?

Rebooted system and logger works as documented now.
Have no idea why it was hosed, but working now and that is all that matters.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of JJB
Sent: Sunday, May 16, 2004 11:14 AM
To: Warren Block
Cc: Micheal Patterson; [EMAIL PROTECTED]
Subject: RE: FreeBSD 4.7 Syslogs

So I have a typo in my post.
I did look in /var/log/lpd-errs and it's empty.

Any help as what to do to figure this out?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Warren Block
Sent: Sunday, May 16, 2004 11:01 AM
To: JJB
Cc: Micheal Patterson; [EMAIL PROTECTED]
Subject: RE: FreeBSD 4.7 Syslogs

On Sun, 16 May 2004, JJB wrote:

> Thanks for the additional info.
>
> I tested using this logger -p lpr.err "test test"
> There is no error message about logger not working.
>
> And I get nothing in the /var/log/lpr-errs log file.

That would be /var/log/lpd-errs.

> This is so simple that the only conclusion is that it's broken in
> 4.x versions.

That's a pretty big conclusion from a small test. Like the old "my program doesn't work, so it must be a bug in the compiler" jump. You are just looking for results in the wrong place. It's also possible that you have syslog set to not log that type of error.

> Can any one verify that it's working in 4.x versions.

It works.

-Warren Block * Rapid City, South Dakota USA
RE: FreeBSD 4.7 Syslogs
So I have a typo in my post.
I did look in /var/log/lpd-errs and it's empty.

Any help as what to do to figure this out?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Warren Block
Sent: Sunday, May 16, 2004 11:01 AM
To: JJB
Cc: Micheal Patterson; [EMAIL PROTECTED]
Subject: RE: FreeBSD 4.7 Syslogs

On Sun, 16 May 2004, JJB wrote:

> Thanks for the additional info.
>
> I tested using this logger -p lpr.err "test test"
> There is no error message about logger not working.
>
> And I get nothing in the /var/log/lpr-errs log file.

That would be /var/log/lpd-errs.

> This is so simple that the only conclusion is that it's broken in
> 4.x versions.

That's a pretty big conclusion from a small test. Like the old "my program doesn't work, so it must be a bug in the compiler" jump. You are just looking for results in the wrong place. It's also possible that you have syslog set to not log that type of error.

> Can any one verify that it's working in 4.x versions.

It works.

-Warren Block * Rapid City, South Dakota USA
RE: FreeBSD 4.7 Syslogs
On Sun, 16 May 2004, JJB wrote:

> Thanks for the additional info.
>
> I tested using this logger -p lpr.err "test test"
> There is no error message about logger not working.
>
> And I get nothing in the /var/log/lpr-errs log file.

That would be /var/log/lpd-errs.

> This is so simple that the only conclusion is that it's broken in
> 4.x versions.

That's a pretty big conclusion from a small test. Like the old "my program doesn't work, so it must be a bug in the compiler" jump. You are just looking for results in the wrong place. It's also possible that you have syslog set to not log that type of error.

> Can any one verify that it's working in 4.x versions.

It works.

-Warren Block * Rapid City, South Dakota USA
RE: FreeBSD 4.7 Syslogs
Thanks for the additional info.

I tested using this logger -p lpr.err "test test"
There is no error message about logger not working.

And I get nothing in the /var/log/lpr-errs log file.

syslogd -d shows nothing happening.

I am running 4.9. virgin install so all the config files are there.

This is so simple that the only conclusion is that it's broken in 4.x versions.

Can any one verify that it's working in 4.x versions.

Any ideas of suggestions of how to proceed to get the logger command working?

-Original Message-
From: Micheal Patterson [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 16, 2004 5:04 AM
To: Matt "Cyber Dog" LaPlante; 'Matthew Seaman'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: FreeBSD 4.7 Syslogs

- Original Message -
From: "JJB" <[EMAIL PROTECTED]>
To: "Matt "Cyber Dog" LaPlante" <[EMAIL PROTECTED]>; "'Matthew Seaman'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 3:04 PM
Subject: RE: FreeBSD 4.7 Syslogs

> Well since you are new to FBSD and since the syslogd -d commands
> shows that you do not have logging specified in /etc/syslog.conf for
> the messages file. You just do not know what you are looking at. Who
> ever was sysadmin before you probably commented it out for what
> ever reason.
>
> By the way I tried using the logger command on my 4.9 system and it
> did not write any messages at all. So it is no help in debugging
> this problem. I read the man logger info and as usual the man page
> is useless. Who ever writes those must work real hard at writing
> sentences that convey no meanings.

Logger works just fine if you know how to use it and are running it as root and is a good tool for working with syslog problems. The man pages tell you quite a bit about provided you can interpret them effectively.

man logger:

logger [-46Ais] [-f file] [-h host] [-p pri] [-t tag] [message ...]

-p pri  Enter the message with the specified priority. The priority may be specified numerically or as a ``facility.level'' pair. For example, ``-p local3.info'' logs the message(s) as informational level in the local3 facility. The default is ``user.notice.''

man syslogd will give you a list of all priorities and facilities.

Priorities:

LOG_EMERG     A panic condition. This is normally broadcast to all users.
LOG_ALERT     A condition that should be corrected immediately, such as a corrupted system database.
LOG_CRIT      Critical conditions, e.g., hard device errors.
LOG_ERR       Errors.
LOG_WARNING   Warning messages.
LOG_NOTICE    Conditions that are not error conditions, but should possibly be handled specially.
LOG_INFO      Informational messages.
LOG_DEBUG     Messages that contain information normally of use only when debugging a program.

Facilities:

LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.
LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by selected individuals.
LOG_CONSOLE   Messages written to /dev/console by the kernel console output driver.
LOG_CRON      The cron daemon: cron(8).
LOG_DAEMON    System daemons, such as routed(8), that are not provided for explicitly by other facilities.
LOG_FTP       The file transfer protocol daemons: ftpd(8), tftpd(8).
LOG_KERN      Messages generated by the kernel. These cannot be generated by any user processes.
LOG_LPR       The line printer spooling system: lpr(1), lpc(8), lpd(8), etc.
LOG_MAIL      The mail system.
LOG_NEWS      The network news system.
LOG_SECURITY  Security subsystems, such as ipfw(4).
LOG_SYSLOG    Messages generated internally by syslogd(8).
LOG_USER      Messages generated by random user processes. This is the default facility identifier if none is specified.
LOG_UUCP      The uucp system.
LOG_LOCAL0    Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.

So, you have facilities of auth, authpriv, console, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0 - local7 and you have priorities of: emerg, alert, crit, err, warning, notice, info and debug

So, by doing the command logger -p like so:

logger -p security.notice "This is a test of security.notice"

You get this in your security log which is default to /var/log/security

May 16 03:24:14 router /kernel: ipfw: 65000 Deny TCP 222.90.22.52:4267 68.227.96.223:65506 in via ep0
May 16 03:30:03 router micheal: This is a test of security.notice

If you're running syslogd -d you'll see exactly what was sent to syslogd and where it was placed:

logmsg: pri 155, flags 0, f
Re: FreeBSD 4.7 Syslogs
Sunil Sunder Raj wrote:

> Hi,
> I did not mean to change the permissions to 777 permanently. Just to come
> to a conclusion on whether it is a permission problem. As 90% unix problems
> are related to permissions.

Then you should have said so. But you did not - you simply told an admitted "noob" to set the permissions to 777, without any explanation. He might have done that, and if it had fixed his problem, he might have left it that way, thinking everything was solved - but with his logfile open to attack.

Please think about the advice you give, and whom you are giving it to, before you give it.

-ste
Re: FreeBSD 4.7 Syslogs
Hi,
I did not mean to change the permissions to 777 permanently. Just to come to a conclusion on whether it is a permission problem. As 90% unix problems are related to permissions.

Regards
SSR

From: "Shaun T. Erickson" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: FreeBSD 4.7 Syslogs
Date: Sun, 16 May 2004 09:47:01 -0400

Sunil Sunder Raj wrote:

> Just give 777 permissions to /var/log/messages

This is BAD advice, and you should NOT follow it. If you do, you will give anyone the ability to modify or delete your log entries, which you do NOT want.

Find and fix the actual problem; don't bypass the symptom with something that reduces system security.

-ste
Re: FreeBSD 4.7 Syslogs
Sunil Sunder Raj wrote:

> Hi,
> Just give 777 permissions to /var/log/messages

With all due respect, but that is rather bad advice. I have been running syslog on FreeBSD 4.7R for years, without problem; and never ever did I have to resort to making /var/log/messages world-writeable. Besides, that is totally unnecessary too: syslogd runs as root, so only root needs write permissions (and, since it is root, probably not even that).

You can run syslogd like this:

/usr/sbin/syslogd -s

Or something like:

/usr/sbin/syslogd -a 192.168.6.0/24

if you need to log from remote machines.

Your /etc/syslog.conf should look something like this:

*.err;kern.debug;mail.crit	/var/log/messages
*.notice;lpr.info;news.err	/var/log/messages
security.*	/var/log/security
mail.info	/var/log/maillog

Cheers,

- Mark
Re: FreeBSD 4.7 Syslogs
Sunil Sunder Raj wrote:

> Just give 777 permissions to /var/log/messages

This is BAD advice, and you should NOT follow it. If you do, you will give anyone the ability to modify or delete your log entries, which you do NOT want.

Find and fix the actual problem; don't bypass the symptom with something that reduces system security.

-ste
RE: FreeBSD 4.7 Syslogs
Hi,
Just give 777 permissions to /var/log/messages

Regards
SSR

From: "Matt \"Cyber Dog\" LaPlante" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: FreeBSD 4.7 Syslogs
Date: Sat, 15 May 2004 16:38:54 -0400

/var/run/dmesg.boot:

/etc/rc.conf:

# -- sysinstall generated deltas -- # Wed Apr 3 17:02:40 2002
# Created: Wed Apr 3 17:02:40 2002
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
kern_securelevel_enable="NO"
linux_enable="YES"
moused_type="auto"
nfs_reserved_port_only="YES"
saver="logo"
sshd_enable="YES"
# use ssh from openssh port instead of default
sshd_program="/usr/local/sbin/sshd"
sshd_flags="-u16"
usbd_enable="NO"
sendmail_enable="NO"
# make sure portmap/rpc shit is disabled
portmap_enable="NO"
nfs_client_enable="NO"
nfs_server_enable="NO"
nis_client_enable="NO&qu
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "JJB" <[EMAIL PROTECTED]>
To: "Matt "Cyber Dog" LaPlante" <[EMAIL PROTECTED]>; "'Matthew Seaman'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 3:04 PM
Subject: RE: FreeBSD 4.7 Syslogs

> Well since you are new to FBSD and since the syslogd -d commands
> shows that you do not have logging specified in /etc/syslog.conf for
> the messages file. You just do not know what you are looking at. Who
> ever was sysadmin before you probably commented it out for what
> ever reason.
>
> By the way I tried using the logger command on my 4.9 system and it
> did not write any messages at all. So it is no help in debugging
> this problem. I read the man logger info and as usual the man page
> is useless. Who ever writes those must work real hard at writing
> sentences that convey no meanings.

Logger works just fine if you know how to use it and are running it as root and is a good tool for working with syslog problems. The man pages tell you quite a bit about provided you can interpret them effectively.

man logger:

logger [-46Ais] [-f file] [-h host] [-p pri] [-t tag] [message ...]

-p pri  Enter the message with the specified priority. The priority may be specified numerically or as a ``facility.level'' pair. For example, ``-p local3.info'' logs the message(s) as informational level in the local3 facility. The default is ``user.notice.''

man syslogd will give you a list of all priorities and facilities.

Priorities:

LOG_EMERG     A panic condition. This is normally broadcast to all users.
LOG_ALERT     A condition that should be corrected immediately, such as a corrupted system database.
LOG_CRIT      Critical conditions, e.g., hard device errors.
LOG_ERR       Errors.
LOG_WARNING   Warning messages.
LOG_NOTICE    Conditions that are not error conditions, but should possibly be handled specially.
LOG_INFO      Informational messages.
LOG_DEBUG     Messages that contain information normally of use only when debugging a program.

Facilities:

LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.
LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by selected individuals.
LOG_CONSOLE   Messages written to /dev/console by the kernel console output driver.
LOG_CRON      The cron daemon: cron(8).
LOG_DAEMON    System daemons, such as routed(8), that are not provided for explicitly by other facilities.
LOG_FTP       The file transfer protocol daemons: ftpd(8), tftpd(8).
LOG_KERN      Messages generated by the kernel. These cannot be generated by any user processes.
LOG_LPR       The line printer spooling system: lpr(1), lpc(8), lpd(8), etc.
LOG_MAIL      The mail system.
LOG_NEWS      The network news system.
LOG_SECURITY  Security subsystems, such as ipfw(4).
LOG_SYSLOG    Messages generated internally by syslogd(8).
LOG_USER      Messages generated by random user processes. This is the default facility identifier if none is specified.
LOG_UUCP      The uucp system.
LOG_LOCAL0    Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.

So, you have facilities of auth, authpriv, console, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0 - local7 and you have priorities of: emerg, alert, crit, err, warning, notice, info and debug

So, by doing the command logger -p like so:

logger -p security.notice "This is a test of security.notice"

You get this in your security log which is default to /var/log/security

May 16 03:24:14 router /kernel: ipfw: 65000 Deny TCP 222.90.22.52:4267 68.227.96.223:65506 in via ep0
May 16 03:30:03 router micheal: This is a test of security.notice

If you're running syslogd -d you'll see exactly what was sent to syslogd and where it was placed:

logmsg: pri 155, flags 0, from router, msg May 16 04:01:04 micheal: This is a test of security.notice
Logging to FILE /var/log/messages
Logging to CONSOLE /dev/console
Logging to FILE /var/log/security
logmsg: pri 166, flags 17, from router, msg May 16 04:01:04 router micheal: This is a test of security.notice

As you can see, I have *.notice going to messages and security.* to security and /dev/console.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "Matt "Cyber Dog" LaPlante" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 3:38 PM
Subject: RE: FreeBSD 4.7 Syslogs

You've got a pretty high number of max logs with pretty hefty file size limits. What's a df -k show on that system?

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "Matt "Cyber Dog" LaPlante" <[EMAIL PROTECTED]>
To: "'Matthew Seaman'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 12:34 PM
Subject: RE: FreeBSD 4.7 Syslogs

> I tried the logger command, but it didn't reach the messages file (which is
> still empty). Here is the output from the syslogd -d command:
>
> syslogd: bind: Address already in use
> logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
> Logging to CONSOLE /dev/console
> syslogd: bind: Address already in use
> logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
> Logging to CONSOLE /dev/console
> can't open /dev/klog (16)

Something is listening already on port 514 and syslogd is complaining about that. Do a sockstat |grep 514 and see what's sitting on that port. Also, "can't open /dev/klog (16)" is another problem. That device is the kernel log device so syslog can see kernel messages. Syslog may not be too happy about that either. You might check and see if you have a klog in /dev

--
Micheal Patterson
TSG Network Administration
405-917-0600
RE: FreeBSD 4.7 Syslogs
01 /usr/libexec/getty Pc ttyv0
241 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1
242 v2 Is+ 0:00.00 /usr/libexec/getty Pc ttyv2
243 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3
244 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4
245 v5 Is+ 0:00.00 /usr/libexec/getty Pc ttyv5
246 v6 Is+ 0:00.01 /usr/libexec/getty Pc ttyv6
247 v7 Is+ 0:00.00 /usr/libexec/getty Pc ttyv7
214 con- I 0:00.07 /usr/local/pgsql/bin/postmaster (postgres)
221 con- I 0:00.00 postmaster: stats buffer process(postgres)
222 con- I 0:00.00 postmaster: stats collector process(postgres)
231 con- S 0:00.39 /usr/local/bin/svscan /var/service
232 con- I 0:00.00 /usr/local/bin/readproctitle service errors:
RE: FreeBSD 4.7 Syslogs
Well, since you are new to FBSD, and since the syslogd -d command shows that you do not have logging specified in /etc/syslog.conf for the messages file, you just do not know what you are looking at. Whoever was sysadmin before you probably commented it out for whatever reason.

By the way, I tried using the logger command on my 4.9 system and it did not write any messages at all. So it is no help in debugging this problem. I read the man logger info and as usual the man page is useless. Whoever writes those must work real hard at writing sentences that convey no meaning.

To verify the conclusion that no logging is enabled for the messages file, first do the halt command, power off the box, wait 1 minute, power back on to boot the system, then post the complete contents of these files:

/var/run/dmesg.boot
/etc/rc.conf
/etc/syslog.conf
/etc/newsyslog.conf
/etc/crontab

The output of this command, to see all the details about your log files:

ls -l /var/log/*

The output of this command:

ps ax
RE: FreeBSD 4.7 Syslogs
I tried the logger command, but it didn't reach the messages file (which is still empty). Here is the output from the syslogd -d command:

syslogd: bind: Address already in use
logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
Logging to CONSOLE /dev/console
syslogd: bind: Address already in use
logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
Logging to CONSOLE /dev/console
can't open /dev/klog (16)
off & running
init
cfline("local7.crit;local7.err;local7.notice /var/log/purchasing", f, "*", "*")
cfline("local0.* /var/log/postgres", f, "*", "*")
cfline("local2.* /var/log/qmail/smtpd.log", f, "*", "*")
cfline("local3.* /var/log/qmail/send", f, "*", "*")
cfline("local4.* /var/log/qmail/masterlog", f, "*", "*")
cfline("authpriv.* /var/log/authpriv", f, "local0", "*")
cfline("security.* /var/log/security", f, "local0", "*")
cfline("mail.info /var/log/maillog", f, "local0", "*")
cfline("lpr.info /var/log/lpd-errs", f, "local0", "*")
cfline("cron.* /var/log/cron", f, "local0", "*")
cfline("*.emerg *", f, "local0", "*")
cfline("console.info /var/log/console.log", f, "local0", "*")
X X X X X X X X X X X X X X X X X X X X X X X 5 X FILE: /var/log/purchasing
X X X X X X X X X X X X X X X X 8 X X X X X X X X FILE: /var/log/postgres
X X X X X X X X X X X X X X X X X X 8 X X X X X X FILE: /var/log/qmail/smtpd.log
X X X X X X X X X X X X X X X X X X X 8 X X X X X FILE: /var/log/qmail/send
X X X X X X X X X X X X X X X X X X X X 8 X X X X FILE: /var/log/qmail/masterlog
X X X X X X X X X X 8 X X X X X X X X X X X X X X FILE: /var/log/authpriv (local0)
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security (local0)
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog (local0)
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs (local0)
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron (local0)
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: (local0)
X X X X X X X X X X X X X X 6 X X X X X X X X X X FILE: /var/log/console.log (local0)
logmsg: pri 56, flags 4, from compname, msg syslogd: restart
syslogd: restarted
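The selector table and "logmsg: pri" lines in the syslogd -d output above can be decoded mechanically; the following is an added example, not code from the thread or from FreeBSD. It assumes the columns follow the facility order of FreeBSD's <sys/syslog.h> with a 25th internal "mark" column, that 8 stands for "*", that pri is printed in octal, and that a trailing "(name)" is the program a rule is restricted to.

```python
import re

# Facility codes in FreeBSD <sys/syslog.h> order; the 25th column is assumed
# to be syslogd's internal "mark" slot.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "reserved15"] + [f"local{i}" for i in range(8)] + ["mark"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug", "*"]

# Rows copied from the debug output quoted in this thread.
SAMPLE = """\
X X X X X X X X X X X X X X X X X X X X X X X 5 X FILE: /var/log/purchasing
X X X X X X X X X X X X X X X X 8 X X X X X X X X FILE: /var/log/postgres
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog (local0)
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: (local0)
logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
"""

def parse_row(line):
    """Return (kind, target, program, {facility: least severe level logged}) or None."""
    tok = line.split()
    if len(tok) < 26 or any(len(t) != 1 or t not in "X012345678" for t in tok[:25]):
        return None
    rest = tok[26:]
    # A trailing "(name)" is taken to be the program the rule is restricted to.
    program = rest.pop()[1:-1] if rest and rest[-1].startswith("(") else None
    mask = {FACILITIES[i]: LEVELS[int(t)] for i, t in enumerate(tok[:25]) if t != "X"}
    return tok[25].rstrip(":"), " ".join(rest), program, mask

def decode_pri(line):
    """Split the octal pri of a 'logmsg:' debug line into (facility, level)."""
    m = re.match(r"logmsg: pri ([0-7]+),", line)
    if not m:
        return None
    pri = int(m.group(1), 8)
    return FACILITIES[pri >> 3], LEVELS[pri & 7]

def audit(dump, expected="/var/log/messages"):
    """Report whether `expected` has a rule and which rules are program-scoped."""
    rows = [r for r in map(parse_row, dump.splitlines()) if r]
    return {"missing": expected not in [r[1] for r in rows],
            "program_scoped": [r[1] or r[0] for r in rows if r[2]]}

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_row(line) or decode_pri(line))
    print(audit(SAMPLE))
```

On the rows above it reports no rule for /var/log/messages and shows the maillog and WALL rules tagged with the program name local0.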
Re: FreeBSD 4.7 Syslogs
On Sat, May 15, 2004 at 01:51:40AM -0400, Matt Cyber Dog LaPlante wrote:
> I've inherited a FreeBSD 4.7 server as part of a system administration job.
> Recently I noticed that the syslog files had stopped collecting data. This
> includes /var/log/messages and /var/log/console among others. Up until some
> time last week, they'd been full of data, but after some unknown event, all
> data collection stopped. I did not build/configure the system, nor am I
> very fluent in the ways of BSD, so I do not know where else to begin looking
> for answers. I ran the newsyslog program to regenerate all the log files.
> It created them, with the single line stating a new log file was created,
> but aside from that one line they remain empty. I tried manually restarting
> syslogd, as well as rebooting the whole machine, neither of which have had
> any effect. I have not manually altered any syslog configuration info, and
> I basically have no idea what to try next. I'm a relative noob when it
> comes to FreeBSD, so I'd appreciate answers in a simple format. Thanks in
> advance...

Hmmm... that doesn't sound good. Can you use logger(1) to write a test message into the log files?

    % logger -p daemon.info -t TEST "Some test message"

which should appear in /var/log/messages. If it doesn't, look at /etc/syslog.conf and verify that it is sensible. Then try killing syslogd and starting it up in debug mode:

    # syslogd -d {other syslog flags}

this will not daemonize itself or go into the background and will print out various debugging information as log messages come in.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK