syslog facilities problem

syslog facilities problem

Post by Robert Low » Sun, 08 Oct 2000 04:00:00



Hi!

I'm trying to log messages from a firewall to a Tru64 box.  The firewall
allows me to choose facilities 16-23, which are to correspond with
local0-local7.  I have not been successful in logging anything however.
So I went digging a bit.  In /usr/include/syslog_pri.h, one will find
the entries listed for the various facilities.  You will note, that
while the entries for local0-local7 appear to be shown as 16-23, they
are bit-shifted three places.  A brief trip through the logger man
page seems to support this, since one can specify facilities by name
or by number, and the numbers are all 8x what you would expect.  So,
how can I log messages to my Tru64 4.0d box if the firewall s/w lets
me specify 16-23 but syslogd really seems to want 16...23 x 8 ???  Or
are message facilities from incoming messages shifted appropriately,
and the code for logger just didn't bother, i.e. my problem lies
elsewhere?  

TIA,
Robert

 
 
 

syslog facilities problem

Post by Andrew Mo » Tue, 10 Oct 2000 10:20:30




Quote:> Hi!

> I'm trying to log messages from a firewall to a Tru64 box.  The firewall
> allows me to choose facilities 16-23, which are to correspond with
> local0-local7.  I have not been successful in logging anything however.

Not sure if this is the problem, but to log remote messages, a
/etc/syslog.auth containing an entry for each host you want to log from,
must be set up on the local machine.  See man syslog.auth for more info.

Andrew
--

         Unix Environment Specialist, Information Technology Services
                    La Trobe University, Bundoora

 
 
 

syslog facilities problem

Post by Robert Low » Tue, 10 Oct 2000 04:00:00





> > Hi!

> > I'm trying to log messages from a firewall to a Tru64 box.  The firewall
> > allows me to choose facilities 16-23, which are to correspond with
> > local0-local7.  I have not been successful in logging anything however.

> Not sure if this is the problem, but to log remote messages, a
> /etc/syslog.auth containing an entry for each host you want to log from,
> must be set up on the local machine.  See man syslog.auth for more info.

Yeah, except that's for v5, but it wasn't there for 4.0d.  :-(  It was a
good thought though.  I'll get a packet trace and see if I can't learn
more that way.

-Robert

 
 
 

syslog facilities problem

Post by Nick Hil » Wed, 11 Oct 2000 04:00:00



> > Not sure if this is the problem, but to log remote messages, a
> > /etc/syslog.auth containing an entry for each host you want to log from,
> > must be set up on the local machine.  See man syslog.auth for more info.

> Yeah, except that's for v5, but it wasn't there for 4.0d.  :-(  It was a
> good thought though.  I'll get a packet trace and see if I can't learn
> more that way.

> -Robert

It was! From one of the patch kits onwards I believe it was introduced
for 4.0d. I cannot remember when it came in but it did. I need to a
syslog.auth entry to allow systems to syslog to my 4.0d systems.

Nick Hill
ITD SCS Group
Rutherford Appleton Labs
Chilton, Didcot
OXON, UK