syslog.conf

syslog.conf

Post by Mark Phillip » Thu, 31 May 2001 03:12:08



        Has anyone heard anything detrimental about setting up /etc/syslog.conf
to log to separate files based on facility? I've been doing this for a
couple weeks, and it seems a lot easier to manage, especially since I
have a mail server with nearly 2,000 users.
        Using swatch seems easier, too, since I don't have to search through
gigantic "syslog" or "messages" files (even with rotating these logs
once a week, the syslog file grows to a few hundred MB.

        I have syslog set up so that everything gets logged to one of the
following files:

/var/log/daemon.log
/var/log/kern.log
/var/log/mail.log
...
etc.

        So, if you've heard anything negative about this
(performance/security-wise, especially, on Sparc Solaris 2.6), I would
like to hear about it..

        Thanks,

        Mark

 
 
 

syslog.conf

Post by Barry Margoli » Thu, 31 May 2001 03:56:36




Quote:>    Has anyone heard anything detrimental about setting up /etc/syslog.conf
>to log to separate files based on facility?

We've been doing it for years.  What do you think the facility code is
there for, if not to allow this kind of thing?  Even the default
syslog.conf sends different facilities to different places.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

syslog.conf

Post by Mark Phillip » Sun, 03 Jun 2001 02:30:45





> >       Has anyone heard anything detrimental about setting up /etc/syslog.conf
> >to log to separate files based on facility?

> We've been doing it for years.  What do you think the facility code is
> there for, if not to allow this kind of thing?  Even the default
> syslog.conf sends different facilities to different places.

...just another case where the default installation of Solaris leaves
much to be desired :)

cool.. at least I know that there are other people doing the same things
out there..

Thanks,

        Mark

> --

> Genuity, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

syslog.conf

Post by Barry Margoli » Sun, 03 Jun 2001 03:33:29







>> >       Has anyone heard anything detrimental about setting up /etc/syslog.conf
>> >to log to separate files based on facility?

>> We've been doing it for years.  What do you think the facility code is
>> there for, if not to allow this kind of thing?  Even the default
>> syslog.conf sends different facilities to different places.

>...just another case where the default installation of Solaris leaves
>much to be desired :)

What do you mean?  You don't think that syslog.conf should send some
messages to the console and others just to /var/adm/messages?

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

syslog.conf

Post by Roger Marqui » Sun, 03 Jun 2001 07:46:12



>...just another case where the default installation of Solaris leaves
>much to be desired :)

No question there.  Our default installation is considerably more
functional:

  kern.debug     /var/log/kern.messages
  daemon.debug   /var/log/daemon.messages
  user.debug     /var/log/user.messages
  cron.err       /var/log/cron.messages
  auth.debug     /var/log/auth.messages
  news.debug     /var/log/news.messages
  mail.info      /var/log/mail.messages
  uucp.debug     /var/log/uucp.messages
  lpr.info       /var/log/lpr.messages
  local0.debug   /var/log/local0.messages
  local1.debug   /var/log/local1.messages
  local2.debug   /var/log/local2.messages
  local3.debug   /var/log/local3.messages
  local4.debug   /var/log/local4.messages
  local5.debug   /var/log/local5.messages
  local6.debug   /var/log/local6.messages
  local7.debug   /var/log/local7.messages
  *.debug,cron.none   /dev/sysmsg

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

 
 
 

1. syslog.conf/syslog

I've been trying to get syslog messages from a host to a linux box,
but so far I haven't gotten it to work. I tried it going to a AIX box,
and seems to work fine.

The syntax from the sending box is correct, and as far as I can tell
the syntax on the linux side is correct. I still can't it to send. I
have also rebooted/restarted the syslogd process. I also made sure
that syslogd was not running muliple instances.

Here is a look at my syslog.conf file:

# "mail messages, at debug or higher, go to Log file. File must
exist."
# "all facilities, at debug and higher, go to console"
# "all facilities, at crit or higher, go to all users"
  mail.debug            /usr/spool/mqueue/maillog
*.debug                 /var/spool/mqueue/log
local4.debug            /var/adm/netblazer
#  *.debug              /dev/console
#  *.crit                       *

Any Ideas on why is not working?

Thanks

Lance Miller

2. Ultra 10 and IDE R/W CDROM

3. SYSLOG and syslog.conf

4. 3c59x and cardbus

5. Syslog.conf and remote syslog entries

6. Anybody got good info on PPTP for Linux

7. syslog ignores syslog.conf?

8. In C, how to print stack trace like db

9. /etc/syslog.conf and mail

10. syslog.conf

11. Syslog.conf - HELP

12. syslog.conf

13. syslog.conf question (multiple loghosts)