logging proftpd question

James Alexander Cook james.cook at utoronto.ca
Thu Feb 24 00:58:08 GMT 2005

On Tue, Feb 22, 2005 at 02:31:03PM -0500, David Banning wrote:
> > I believe the syntax you want is
> > 
> > ftp.*			/var/log/proftpd.log
> > 
> > Make sure the logfile exists (and is writable),
> > otherwise I think syslog will complain.
> Thanks, fellow Torontonian, for your reply. 
> I tried your suggestion previous to my posting, with no result.
> Now, could something in the;
> I tried your suggestion previous to my posting, with no result.  I
> also did a "touch /var/log/proftpd.log" and "chmod 600
> /var/log/proftpd.log"
> The line;
> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> is what is grabbing the messages I want to redirect. (I beleive *.notice)
> I just wonder if the line I just mention takes the log entry, if another
> can still take it. Can a log entry only be logged once? Or can you have
> it go to multiply files? (via multiple syslog.conf entries)

I'm pretty sure a log entry can go to as many files as you want.  For example,
my syslog.conf file currently has

*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *
*.*                                             /var/log/all.log
*.*                                             /var/log/slip.log
*.*                                             /var/log/ppp.log

All of my log messages end up in /var/log/all.log, even though they're also put in /var/log/messages.

The only thing I can think of is that you might have a program or hostname
specification that's messing things up (any line starting with !, #!, + or +!).
Anything following such a line will only apply to certain things; for example,
the only things that end up in /var/log/ppp.log in my configuration are
ppp-related messages (even though the ppp.log line starts with *.*).

That's all I can think of, anyway.  I never touched my syslog.conf file before
a few days ago, so I'm hardly an authority.

> It sure would be easier if in the log entry it said "ftp.notice" or
> some such thing so you -know- how it is being directed.
> I have tried running syslog with -d and -vv and there seems to be no
> indication what the facility name that is used.

- James Cook
  james.cook at utoronto.ca

More information about the freebsd-questions mailing list