Re: syslog.conf(5): example about logging by sender

2018-02-01 Thread Todd C. Miller
OK millert@ for that version.

 - todd



Re: syslog.conf(5): example about logging by sender

2018-02-01 Thread Landry Breuil
On Thu, Feb 01, 2018 at 02:26:16PM +0100, Alexander Bluhm wrote:
> On Thu, Feb 01, 2018 at 09:08:04AM +0100, Landry Breuil wrote:
> > > # Log everything coming from host bastion to a separate file
> > > ++bastion /var/log/bastion
> > > *.*
> > > +*
> > 
> > well maybe that's clearer, but the version without *.* works here.. I
> > don't have a preference, so I'll defer to experts :)
> 
> I wonder how that works.  I have tried it and it does not, my
> understanding of the code is that everything after ++bastion on
> that line is not parsed.
> 
> The log file name must be in the same line as the severity and
> facility.  The hostname just starts the block.  And the block should
> be closed.  I put that block at the beginning of my syslog.conf.
> 
> ++bastion
> *.*   /var/log/bastion
> +*

Dammit, you're right again :) I had a closer look, and indeed the
version without the facility.severity *doesn't* work.

So indeed this version should be better:

Index: syslog.conf.5
===
RCS file: /cvs/src/usr.sbin/syslogd/syslog.conf.5,v
retrieving revision 1.34
diff -u -r1.34 syslog.conf.5
--- syslog.conf.5   6 Jul 2016 19:29:13 -   1.34
+++ syslog.conf.5   1 Feb 2018 14:05:06 -
@@ -306,6 +306,11 @@
 # Root and Eric get alert and higher messages.
 *.alertroot,eric
 
+# Log everything coming from host bastion to a separate file
+++bastion
+*.*/var/log/bastion
++*
+
 # Save mail and news errors of level err and higher in a
 # special file.
 mail,news.err  /var/log/spoolerr
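
Review bot: the comment above the added `++bastion` block does not say why the trailing `+*` line is there, so a reader copying the example may drop it. Suggest extending the comment to state that `+*` ends the host block so that the rules after it apply to all hosts again. Since the block is added below the `*.alert` rule, it may also be worth a sentence that rules placed before the block still see messages from bastion.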



Re: syslog.conf(5): example about logging by sender

2018-02-01 Thread Alexander Bluhm
On Thu, Feb 01, 2018 at 09:08:04AM +0100, Landry Breuil wrote:
> > # Log everything coming from host bastion to a separate file
> > ++bastion   /var/log/bastion
> > *.*
> > +*
> 
> well maybe that's clearer, but the version without *.* works here.. I
> don't have a preference, so I'll defer to experts :)

I wonder how that works.  I have tried it and it does not, my
understanding of the code is that everything after ++bastion on
that line is not parsed.

The log file name must be in the same line as the severity and
facility.  The hostname just starts the block.  And the block should
be closed.  I put that block at the beginning of my syslog.conf.

++bastion
*.* /var/log/bastion
+*

bluhm
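
A small lint for the block rules stated in this thread (text after a `++host` tag is not parsed, the file name sits on the same line as facility and severity, a `++host` block is closed with `+*`), added here as an example; it is not part of the original messages and is a simplified model, not syslogd's parser. The function name, the finding strings and the sample inputs (re-typed from the variants quoted in the thread) are assumptions made for illustration.

```python
# Variants quoted in the thread, re-typed here as constructed sample input.
VARIANTS = {
    "tag_with_path": "# comment\n++bastion\t/var/log/bastion\n+*\n",
    "selector_alone": "# comment\n++bastion /var/log/bastion\n*.*\n+*\n",
    "not_closed": "# comment\n++bastion\n*.*\t/var/log/bastion\n",
    "closed_block": "# comment\n++bastion\n*.*\t/var/log/bastion\n+*\n",
}


def lint_host_blocks(conf_text):
    """Return [(line_number, finding)] for +host / ++host blocks."""
    findings = []
    block = None  # [tag line, rule count, is "++"] while a host block is open

    def end_block():
        # A host block that never got a complete rule line logs nothing.
        if block and block[1] == 0:
            findings.append((block[0], "empty-block"))

    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Comments and !program tags are outside the scope of this check.
        if not line or line[0] in "#!":
            continue
        if line[0] == "+":
            end_block()
            fields = line.lstrip("+").split(None, 1)
            # Assumption: a bare "+" resets the host like "+*".
            host = fields[0] if fields else "*"
            if len(fields) > 1:
                findings.append((number, "text-after-tag-ignored"))
            block = None if host == "*" else [number, 0, line.startswith("++")]
        elif len(line.split(None, 1)) < 2:
            # A selector with no action on the same line.
            findings.append((number, "selector-without-action"))
        elif block:
            block[1] += 1
    end_block()
    if block and block[2]:
        findings.append((block[0], "not-closed-with-+*"))
    return findings


if __name__ == "__main__":
    for name, text in VARIANTS.items():
        print(name, lint_host_blocks(text))
```

Line numbers in the findings refer to the tag line for block-level problems and to the rule line for a selector without an action.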



Re: syslog.conf(5): example about logging by sender

2018-02-01 Thread Landry Breuil
On Wed, Jan 31, 2018 at 03:06:13PM -0700, Todd C. Miller wrote:
> On Wed, 31 Jan 2018 20:44:10 +0100, Landry Breuil wrote:
> 
> > the default etc/syslog.conf has a commented out example for by-prog
> > logging, but nothing for by-host logging. I fought a bit with it; so
> > why not provide an example in the EXAMPLES section of the manpage?
> 
> I recently did the same so an example would be nice.  I do have one
> question though.
> 
> > Index: syslog.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/syslogd/syslog.conf.5,v
> > retrieving revision 1.34
> > diff -u -r1.34 syslog.conf.5
> > --- syslog.conf.5   6 Jul 2016 19:29:13 -   1.34
> > +++ syslog.conf.5   31 Jan 2018 19:40:59 -
> > @@ -306,6 +306,10 @@
> >  # Root and Eric get alert and higher messages.
> >  *.alertroot,eric
> >  
> > +# Log everything coming from host bastion to a separate file
> > +++bastion  /var/log/bastion
> > ++*
> 
> Shouldn't this be:
> 
> # Log everything coming from host bastion to a separate file
> ++bastion /var/log/bastion
> *.*
> +*

well maybe that's clearer, but the version without *.* works here.. I
don't have a preference, so I'll defer to experts :)

Landry



Re: syslog.conf(5): example about logging by sender

2018-01-31 Thread Todd C. Miller
On Thu, 01 Feb 2018 01:55:18 +0200, Kapetanakis Giannis wrote:

> On 01/02/18 00:06, Todd C. Miller wrote:
> >
> > Shouldn't this be:
> >
> > # Log everything coming from host bastion to a separate file
> > ++bastion   /var/log/bastion
> > *.*
> > +*
>
> how about
>
> # Log everything coming from host bastion to a separate file
> ++bastion 
> *.*   /var/log/bastion

No, you need the:

+*

to reset the destination file, otherwise none of the later rules
will get logged.  If you use "+bastion" instead of "++bastion" you
don't need to have the "+*" afterward but then later rules will
also match the log data from "bastion", which is not what is intended
here.  It works the same way as "!!program" where you need to have
a "!*" after the destination lines.

 - todd



Re: syslog.conf(5): example about logging by sender

2018-01-31 Thread Kapetanakis Giannis

On 01/02/18 00:06, Todd C. Miller wrote:
>
> Shouldn't this be:
>
> # Log everything coming from host bastion to a separate file
> ++bastion   /var/log/bastion
> *.*
> +*


how about

# Log everything coming from host bastion to a separate file
++bastion   
*.* /var/log/bastion


G



Re: syslog.conf(5): example about logging by sender

2018-01-31 Thread Todd C. Miller
On Wed, 31 Jan 2018 20:44:10 +0100, Landry Breuil wrote:

> the default etc/syslog.conf has a commented out example for by-prog
> logging, but nothing for by-host logging. I fought a bit with it; so
> why not provide an example in the EXAMPLES section of the manpage?

I recently did the same so an example would be nice.  I do have one
question though.

> Index: syslog.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/syslogd/syslog.conf.5,v
> retrieving revision 1.34
> diff -u -r1.34 syslog.conf.5
> --- syslog.conf.5 6 Jul 2016 19:29:13 -   1.34
> +++ syslog.conf.5 31 Jan 2018 19:40:59 -
> @@ -306,6 +306,10 @@
>  # Root and Eric get alert and higher messages.
>  *.alert  root,eric
>  
> +# Log everything coming from host bastion to a separate file
> +++bastion/var/log/bastion
> ++*
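
Review bot: the added example uses the doubled form `++bastion`, but the comment line above it does not say what the second `+` selects. Suggest a few words in the comment on how `++bastion` differs from `+bastion`, so that readers know which form to copy.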

Shouldn't this be:

# Log everything coming from host bastion to a separate file
++bastion   /var/log/bastion
*.*
+*

> +
>  # Save mail and news errors of level err and higher in a
>  # special file.
>  mail,news.err/var/log/spoole
> rr
>



syslog.conf(5): example about logging by sender

2018-01-31 Thread Landry Breuil
Hi,

the default etc/syslog.conf has a commented out example for by-prog
logging, but nothing for by-host logging. I fought a bit with it; so
why not provide an example in the EXAMPLES section of the manpage?

Landry

Index: syslog.conf.5
===
RCS file: /cvs/src/usr.sbin/syslogd/syslog.conf.5,v
retrieving revision 1.34
diff -u -r1.34 syslog.conf.5
--- syslog.conf.5   6 Jul 2016 19:29:13 -   1.34
+++ syslog.conf.5   31 Jan 2018 19:40:59 -
@@ -306,6 +306,10 @@
 # Root and Eric get alert and higher messages.
 *.alertroot,eric
 
+# Log everything coming from host bastion to a separate file
+++bastion  /var/log/bastion
++*
+
 # Save mail and news errors of level err and higher in a
 # special file.
 mail,news.err  /var/log/spoolerr
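
Review bot: the added block has no facility.level selector line: `/var/log/bastion` sits on the `++bastion` tag line and the next added line is already the closing `+*`, so no rule inside the block names a destination. Put the action on its own rule line between the tag and `+*`, that is `*.*` followed by whitespace and `/var/log/bastion`, and leave the tag line as `++bastion` alone.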