FreeBSD 4.7 Syslogs

Micheal Patterson micheal at tsgincorporated.com
Sun May 16 02:04:17 PDT 2004




----- Original Message ----- 
From: "JJB" <Barbish3 at adelphia.net>
To: "Matt "Cyber Dog" LaPlante" <webmaster at cyberdogtech.com>; "'Matthew
Seaman'" <m.seaman at infracaninophile.co.uk>; <freebsd-questions at freebsd.org>
Sent: Saturday, May 15, 2004 3:04 PM
Subject: RE: FreeBSD 4.7 Syslogs


> Well since you are new to FBSD and since the syslogd -d command
> shows that you do not have logging specified in /etc/syslog.conf for
> the messages file. You just do not know what you are looking at.
> Whoever was sysadmin before you probably commented it out for
> whatever reason.
>
> By the way I tried using the logger command on my 4.9 system and it
> did not write any messages at all. So it is no help in debugging
> this problem. I read the man logger info and as usual the man page
> is useless. Whoever writes those must work real hard at writing
> sentences that convey no meanings.

Logger works just fine if you know how to use it and are running it as root,
and it is a good tool for working with syslog problems. The man pages tell you
quite a bit, provided you can interpret them effectively.

man logger:

logger [-46Ais] [-f file] [-h host] [-p pri] [-t tag] [message ...]

-p pri  Enter the message with the specified priority.  The priority may
             be specified numerically or as a ``facility.level'' pair.  For
             example, ``-p local3.info'' logs the message(s) as informational
             level in the local3 facility.  The default is ``user.notice.''


man syslogd will give you a list of all priorities and facilities.

Priorities:

LOG_EMERG     A panic condition.  This is normally broadcast to all
                   users.

LOG_ALERT     A condition that should be corrected immediately, such as a
                   corrupted system database.

LOG_CRIT      Critical conditions, e.g., hard device errors.
LOG_ERR       Errors.
LOG_WARNING   Warning messages.
LOG_NOTICE    Conditions that are not error conditions, but should possibly
                   be handled specially.
LOG_INFO      Informational messages.
LOG_DEBUG     Messages that contain information normally of use only when
                   debugging a program.

Facilities:

LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.
LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by
                   selected individuals.
LOG_CONSOLE   Messages written to /dev/console by the kernel console output
                   driver.
LOG_CRON      The cron daemon: cron(8).
LOG_DAEMON    System daemons, such as routed(8), that are not provided
                   for explicitly by other facilities.
LOG_FTP       The file transfer protocol daemons: ftpd(8), tftpd(8).
LOG_KERN      Messages generated by the kernel.  These cannot be generated
                   by any user processes.
LOG_LPR       The line printer spooling system: lpr(1), lpc(8), lpd(8),
                   etc.
LOG_MAIL      The mail system.
LOG_NEWS      The network news system.
LOG_SECURITY  Security subsystems, such as ipfw(4).
LOG_SYSLOG    Messages generated internally by syslogd(8).
LOG_USER      Messages generated by random user processes.  This is the
                   default facility identifier if none is specified.
LOG_UUCP      The uucp system.
LOG_LOCAL0    Reserved for local use.  Similarly for LOG_LOCAL1 through
                   LOG_LOCAL7.

So, you have facilities of auth, authpriv, console, cron, daemon, ftp, kern,
lpr, mail, news, security, syslog, user, uucp, local0 - local7 and you have
priorities of: emerg, alert, crit, err, warning, notice, info and debug.

So, by doing the command logger -p <facility.priority> <message> like so:

logger -p security.notice "This is a test of security.notice"

You get this in your security log, which defaults to /var/log/security:

May 16 03:24:14 router /kernel: ipfw: 65000 Deny TCP 222.90.22.52:4267 68.227.96.223:65506 in via ep0
May 16 03:30:03 router micheal: This is a test of security.notice

If you're running syslogd -d you'll see exactly what was sent to syslogd and
where it was placed:

logmsg: pri 155, flags 0, from router, msg May 16 04:01:04 micheal: This is a test of security.notice
Logging to FILE /var/log/messages
Logging to CONSOLE /dev/console
Logging to FILE /var/log/security
logmsg: pri 166, flags 17, from router, msg May 16 04:01:04 router micheal: This is a test of security.notice

As you can see, I have *.notice going to messages and security.* to security
and /dev/console.


--

Micheal Patterson
TSG Network Administration
405-917-0600
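
Added example, not part of the original message: a small sh script that decodes the "pri" values in the syslogd -d output above and checks them against the routing the post describes. It assumes syslogd -d prints pri in octal (155 octal = 109 = 13*8 + 5, which is security.notice) and that facility numbers follow FreeBSD's <sys/syslog.h>; the syslog.conf fragment is constructed from the post's description and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Numbering follows FreeBSD <sys/syslog.h>: PRI = facility*8 + level.
FACS="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp security console"
LEVELS="emerg alert crit err warning notice info debug"
# Constructed syslog.conf fragment (one selector per line) for the routing in the post.
CONF='*.notice /var/log/messages
security.* /dev/console
security.* /var/log/security'

nth() { # nth INDEX WORD...: print the INDEX-th word, counting from 0
  i=$1; shift
  [ "$i" -lt "$#" ] || return 1
  shift "$i"; printf '%s\n' "$1"
}

level_num() { # level_num NAME: numeric severity, 0 (emerg) is the most severe
  n=0
  for l in $LEVELS; do
    [ "$l" = "$1" ] && { echo "$n"; return 0; }
    n=$((n + 1))
  done
  return 1
}

decode_pri() { # decode_pri OCTAL: "pri" value from syslogd -d -> facility.level
  case $1 in ''|*[!0-7]*) return 1 ;; esac
  pri=$((0$1)); fac=$((pri >> 3)); lvl=$((pri & 7))
  if [ "$fac" -ge 16 ] && [ "$fac" -le 23 ]; then f="local$((fac - 16))"
  else f=$(nth "$fac" $FACS) || f="fac$fac"; fi
  printf '%s.%s\n' "$f" "$(nth "$lvl" $LEVELS)"
}

routes() { # routes FACILITY.LEVEL: print the action of every matching selector
  mfac=${1%%.*}; mlvl=$(level_num "${1#*.}") || return 1
  printf '%s\n' "$CONF" | while read -r sel action; do
    sfac=${sel%%.*}; slvl=${sel#*.}
    [ "$sfac" = "*" ] || [ "$sfac" = "$mfac" ] || continue
    # "fac.level" matches that level and anything more severe; ".*" matches all
    [ "$slvl" = "*" ] || [ "$mlvl" -le "$(level_num "$slvl")" ] || continue
    printf '%s\n' "$action"
  done
}

# The two pri values from the debug output quoted above.
for p in 155 166; do
  m=$(decode_pri "$p"); echo "pri $p = $m"
  routes "$m" | sed 's/^/  Logging to /'
done
```

The second value, 166, decodes to console.info, which neither constructed selector matches; that agrees with the debug output, where no "Logging to" lines follow the second logmsg.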
