SYSLOG and syslog.conf


Post by ??? » Wed, 29 Jan 2003 15:01:29



Here is my example source code
tenet#>more logtest.c
#include <syslog.h>
#include <stdio.h>
#include <unistd.h>

int main(void)
{
        int logmask;

        /* "logmask" is the ident (tag) syslogd sees; the facility is LOG_USER. */
        openlog("logmask", LOG_PID|LOG_CONS, LOG_USER);
        syslog(LOG_INFO, "informative msg, pid = %d", getpid());
        syslog(LOG_DEBUG, "debug msg, should appear");
        /* Drop everything below LOG_NOTICE; LOG_MASK(LOG_DEBUG) would pass only debug. */
        logmask = setlogmask(LOG_UPTO(LOG_NOTICE));
        syslog(LOG_DEBUG, "debug msg, should not appear");
        return 0;
}

tenet#>gcc -g -o logtest logtest.c

And I want to save these log msg to special file. not /var/log/messages or
/var/log/debug

In my /etc/syslog.conf(FreeBSD 4.6), there are following lines

!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log

So, I add following lines in syslog.conf

#XXX PATH XXX - yschoi
#XXX just program name
!logtest
*.*                                             /var/log/a.log
#XXX path and program name
!/home/guru0109/testlog/logtest
*.*                                             /var/log/a.out.log
#XXX
!./logtest
*.*                                             /var/log/current.log

of course, I make a.log, a.out.log, and current.log respectively.

touch a.log
chmod 600 a.log
...
-snip-

Finally, I restart my syslogd

kill -HUP 75

But I can't see anything in above log files.

and some strange msg are saved in my log files. like..

Jan 28 15:00:00 tenet2 /usr/sbin/cron[224]: (root) CMD (/usr/libexec/atrun)
Jan 28 15:05:00 tenet2 /usr/sbin/cron[234]: (root) CMD (/usr/libexec/atrun)
Jan 28 15:10:00 tenet2 /usr/sbin/cron[245]: (root) CMD (/usr/libexec/atrun)

Why is that?
Any explanations are welcome.
Thx in advance

--
y.s. choi

 
 
 

SYSLOG and syslog.conf

Post by those who know me have no need of my nam » Fri, 31 Jan 2003 14:10:07


in comp.unix.programmer i read:

>          openlog("logmask", LOG_PID|LOG_CONS, LOG_USER);
>In my /etc/syslog.conf(FreeBSD 4.6), there are following lines
>!logtest
>*.*                                             /var/log/a.log

perhaps you want to use `logmask' here.

>and some strange msg are saved in my log files. like..

>Jan 28 15:00:00 tenet2 /usr/sbin/cron[224]: (root) CMD (/usr/libexec/atrun)
>Jan 28 15:05:00 tenet2 /usr/sbin/cron[234]: (root) CMD (/usr/libexec/atrun)
>Jan 28 15:10:00 tenet2 /usr/sbin/cron[245]: (root) CMD (/usr/libexec/atrun)

>Why is that?

you probably put your custom lines at the top of the file.  a !prog line
affects all following statements, not just the next one; it persists until
the next ! line, so either put your stuff at the bottom or reset the
program (by using `*').

--
bringing you boring signatures for 17 years

 
 
 

SYSLOG and syslog.conf

Post by Valentin Nechaye » Fri, 31 Jan 2003 19:52:27


1. You passed "logmask" to openlog(), but you try to make section
for logtest in syslog.conf. It is incorrect. Syslog knows nothing about
your program name (this is absolutely insecure service which only gets
strings passed to it by any agent and writes them to specified channels).
Make ident names in openlog and syslog.conf identical.

2. Syslog output channels are fully independent one from another.
If you think that output of something to another file prohibits its output
to /var/log/messages, you are wrong. Each output channel has program name
specification (`!name'), hostname specification and list of target priority
(facility and level) specifications (e.g. `kern.*,local7.none,mail.warn').
If you want to exclude, e.g., local7.* from /var/log/messages, it is possible.
But if /var/log/messages gets daemon.info and you want to exclude output
of program which logs as daemon.info, you can't do it.
General trick: deny logging of some local<N> facility from all standard
logs, send syslog messages from program using this facility, and write
this facility based on program name.

>           openlog("logmask", LOG_PID|LOG_CONS, LOG_USER);
>           syslog(LOG_INFO, "informative msg, pid = %d", getpid());
>           syslog(LOG_DEBUG, "debug msg, should appear");

[...]

> And I want to save these log msg to special file. not /var/log/messages or
> /var/log/debug
> So, I add following lines in syslog.conf
> #XXX PATH XXX - yschoi
> #XXX just program name
> !logtest
> *.*                                             /var/log/a.log
> #XXX path and program name
> !/home/guru0109/testlog/logtest
> *.*                                             /var/log/a.out.log
> #XXX
> !./logtest
> *.*                                             /var/log/current.log
> and some strange msg are saved in my log files. like..
> Jan 28 15:00:00 tenet2 /usr/sbin/cron[224]: (root) CMD (/usr/libexec/atrun)
> Jan 28 15:05:00 tenet2 /usr/sbin/cron[234]: (root) CMD (/usr/libexec/atrun)
> Jan 28 15:10:00 tenet2 /usr/sbin/cron[245]: (root) CMD (/usr/libexec/atrun)
> Why is that?

Because of:


*/5     *       *       *       *       root    /usr/libexec/atrun

This is standard FreeBSD crontab entry. Don't delete it unless you want
to remove `at' service totally.

-netch-
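
The two replies above describe how syslogd scopes rules with `!prog` lines and matches them against the tag passed to openlog(). The following is an added example, not part of the thread and not syslogd's own code: a simplified Python model of that routing. The two sample configurations, the use of local3 and the helper names are constructed for illustration; comparison flags, host sections and program lists are not modelled.

```python
"""Simplified model of BSD syslog.conf routing (added example, not syslogd code)."""
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed config: custom block at the top, section name != ident, no "!*".
BROKEN = """
!logtest
*.*                     /var/log/a.log
*.info                  /var/log/messages
"""
# Constructed fix: reserve local3 for the program, exclude it from the
# standard log, route it by program name, then reset the program filter.
FIXED = """
*.info;local3.none      /var/log/messages
!logtest
local3.*                /var/log/a.log
!*
"""

def parse(conf):
    """Return [(prog, selectors, target)]. A '!prog' line applies to every
    following rule until the next '!' line; '!*' clears the filter."""
    rules, prog = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("!"):
            name = line[1:].strip()
            prog = None if name == "*" else name
        elif line and not line.startswith("#"):
            selectors, target = line.split(None, 1)
            rules.append((prog, selectors, target.strip()))
    return rules

def selected(selectors, facility, level):
    """Evaluate 'fac.level;fac.level' left to right; a later entry for the
    same facility overrides an earlier one. 'fac.level' means level or worse."""
    hit = False
    for sel in selectors.split(";"):
        facs, _, lvl = sel.partition(".")
        names = facs.split(",")
        if "*" in names or facility in names:
            hit = lvl != "none" and (
                lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl))
    return hit

def route(conf, ident, facility, level):
    """Files receiving a message whose tag (the openlog ident) is `ident`."""
    return [target for prog, sels, target in parse(conf)
            if prog in (None, ident) and selected(sels, facility, level)]
```

With BROKEN, a message tagged `logmask` reaches no file, and the `/var/log/messages` rule is also scoped to `logtest`; with FIXED, only local3 traffic tagged `logtest` lands in `/var/log/a.log`.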

 
 
 

1. Tuning syslog/Syslog reporting/Syslog enhancement/replacements

Hello,

I have been investigating using syslog's logging facilities. I have
currently set up our network to log to a central logging host. In my
preliminary attempts, I have set up syslog to dump everything to a single file,
which gets messy. I've sorted out the files now, and I have noticed that
certain applications such as telnetd and ftpd write to the LOG_MAIL facility.
Is there a way to alter the logging facility that they report to, or will I
have to have modified binaries to handle this? I'm mostly concerned with our
AIX machines but we also have HPUX, Sunos/Solaris, and OSF. I could very well
have it dump all information and sort out the data based on rules I develop
using sed/awk/perl/grep (whatever), but it would be nicer if it were done by
syslog/programs writing to syslog.

        Also, is anyone familiar with any other logging utilities? I would be grateful
for some help/advice or some pointers to where to find this information.

Thanks for your help.

Adam
