FreeBSD 4.7 Syslogs
Micheal Patterson
micheal at tsgincorporated.com
Sun May 16 02:04:17 PDT 2004
----- Original Message -----
From: "JJB" <Barbish3 at adelphia.net>
To: "Matt "Cyber Dog" LaPlante" <webmaster at cyberdogtech.com>; "'Matthew
Seaman'" <m.seaman at infracaninophile.co.uk>; <freebsd-questions at freebsd.org>
Sent: Saturday, May 15, 2004 3:04 PM
Subject: RE: FreeBSD 4.7 Syslogs
> Well, since you are new to FBSD and since the syslogd -d command
> shows that you do not have logging specified in /etc/syslog.conf for
> the messages file, you just do not know what you are looking at.
> Whoever was sysadmin before you probably commented it out for
> whatever reason.
>
> By the way I tried using the logger command on my 4.9 system and it
> did not write any messages at all. So it is no help in debugging
> this problem. I read the man logger info and as usual the man page
> is useless. Whoever writes those must work real hard at writing
> sentences that convey no meanings.

Logger works just fine if you know how to use it and are running it as root,
and it is a good tool for working with syslog problems. The man pages tell you
quite a bit, provided you can interpret them effectively.

man logger:

     logger [-46Ais] [-f file] [-h host] [-p pri] [-t tag] [message ...]

     -p pri  Enter the message with the specified priority.  The priority may
             be specified numerically or as a ``facility.level'' pair.  For
             example, ``-p local3.info'' logs the message(s) as informational
             level in the local3 facility.  The default is ``user.notice.''

man syslogd will give you a list of all priorities and facilities.

Priorities:

     LOG_EMERG     A panic condition.  This is normally broadcast to all
                   users.
     LOG_ALERT     A condition that should be corrected immediately, such as a
                   corrupted system database.
     LOG_CRIT      Critical conditions, e.g., hard device errors.
     LOG_ERR       Errors.
     LOG_WARNING   Warning messages.
     LOG_NOTICE    Conditions that are not error conditions, but should
                   possibly be handled specially.
     LOG_INFO      Informational messages.
     LOG_DEBUG     Messages that contain information normally of use only when
                   debugging a program.

Facilities:

     LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.
     LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by
                   selected individuals.
     LOG_CONSOLE   Messages written to /dev/console by the kernel console
                   output driver.
     LOG_CRON      The cron daemon: cron(8).
     LOG_DAEMON    System daemons, such as routed(8), that are not provided
                   for explicitly by other facilities.
     LOG_FTP       The file transfer protocol daemons: ftpd(8), tftpd(8).
     LOG_KERN      Messages generated by the kernel.  These cannot be
                   generated by any user processes.
     LOG_LPR       The line printer spooling system: lpr(1), lpc(8), lpd(8),
                   etc.
     LOG_MAIL      The mail system.
     LOG_NEWS      The network news system.
     LOG_SECURITY  Security subsystems, such as ipfw(4).
     LOG_SYSLOG    Messages generated internally by syslogd(8).
     LOG_USER      Messages generated by random user processes.  This is the
                   default facility identifier if none is specified.
     LOG_UUCP      The uucp system.
     LOG_LOCAL0    Reserved for local use.  Similarly for LOG_LOCAL1 through
                   LOG_LOCAL7.

So, you have facilities of auth, authpriv, console, cron, daemon, ftp, kern,
lpr, mail, news, security, syslog, user, uucp, local0 - local7 and you have
priorities of: emerg, alert, crit, err, warning, notice, info and debug.

So, by doing the command logger -p <facility.priority> <message> like so:

     logger -p security.notice "This is a test of security.notice"

You get this in your security log, which by default is /var/log/security:

May 16 03:24:14 router /kernel: ipfw: 65000 Deny TCP 222.90.22.52:4267 68.227.96.223:65506 in via ep0
May 16 03:30:03 router micheal: This is a test of security.notice

If you're running syslogd -d you'll see exactly what was sent to syslogd and
where it was placed:

logmsg: pri 155, flags 0, from router, msg May 16 04:01:04 micheal: This is a test of security.notice
Logging to FILE /var/log/messages
Logging to CONSOLE /dev/console
Logging to FILE /var/log/security
logmsg: pri 166, flags 17, from router, msg May 16 04:01:04 router micheal: This is a test of security.notice

As you can see, I have *.notice going to messages and security.* to security
and /dev/console.
--
Micheal Patterson
TSG Network Administration
405-917-0600
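
Added example (not part of the original message, and not FreeBSD's own code): a small sh script that decodes the "pri" field of the syslogd -d "logmsg:" lines shown above back into facility.level. It assumes the field is printed in octal and that pri = facility * 8 + level with the facility numbers from FreeBSD's <sys/syslog.h>; under that reading 155 is security.notice, which matches the logger command in the message. The function names decode_pri and decode_logmsg are hypothetical.

```shell
#!/bin/sh
# Facility and level names in numeric order, as in FreeBSD <sys/syslog.h>.
# Code 15 is unassigned there, so "-" holds its place.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp
ntp security console - local0 local1 local2 local3 local4 local5 local6 local7"
LEVELS="emerg alert crit err warning notice info debug"

# nth INDEX WORD...: print the zero-based INDEX-th word.
nth() {
    n=$1
    shift
    shift "$n"
    printf '%s\n' "$1"
}

# decode_pri PRI: turn the pri value from a "logmsg:" debug line into
# facility.level. Assumption: the value is octal; pri = facility * 8 + level.
decode_pri() {
    case $1 in
        '' | *[!0-7]*) echo "not an octal pri: $1" >&2; return 1 ;;
    esac
    pri=$((0$1))
    fac=$((pri >> 3))
    lvl=$((pri & 7))
    if [ "$fac" -gt 23 ] || [ "$fac" -eq 15 ]; then
        echo "no facility with code $fac" >&2
        return 1
    fi
    # Unquoted on purpose: the lists are split into one word per name.
    printf '%s.%s\n' "$(nth "$fac" $FACILITIES)" "$(nth "$lvl" $LEVELS)"
}

# decode_logmsg: read syslogd -d output on stdin, annotate each logmsg line.
decode_logmsg() {
    sed -n 's/^logmsg: pri \([0-7][0-7]*\),.*/\1/p' |
    while read -r p; do
        printf 'pri %s = %s\n' "$p" "$(decode_pri "$p")"
    done
}

# The two logmsg lines from the message above (text after "msg" shortened).
decode_logmsg <<'EOF'
logmsg: pri 155, flags 0, from router, msg May 16 04:01:04 micheal: ...
Logging to FILE /var/log/security
logmsg: pri 166, flags 17, from router, msg May 16 04:01:04 router micheal: ...
EOF
```

The second line decodes to console.info, which is consistent with it being the copy of the message that went through /dev/console.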