syslog.conf questions..
B. Cook
bcook at poughkeepsieschools.org
Thu Jun 14 18:24:57 UTC 2007
Hello all,
I am trying to have different Cisco routers log to a different log file.
The log file is located on a 6.2 box running the stock syslogd. For
what it is worth I have nine of these, only three are shown.
syslogd is running with -n -vv -d at the moment.. I did not have to
specify -a 10.20.250.54:* to allow it to log.. (is that part of the
problem..?)
But the question is.. I do get logs from the respective hosts in the log
files that I have specified, but I do not understand why syslogd is also
catching them in the original local7.* /var/log/router/3620.log when as
far as I can tell they are set up correctly.
Below are the relevant portions of the syslog.conf.
[~]# 18 > egrep -v "#" /etc/syslog.conf | cat -n
1
2 +10.20.250.54
3 *.* /var/log/router/circle.log
4 -10.20.250.54
5
6 +10.20.250.42
7 *.* /var/log/router/columbus.log
8 -10.20.250.42
9
10 +10.20.250.38
11 *.* /var/log/router/clinton.log
12 -10.20.250.38
13
14 +10.20.0.10
15 *.* /var/log/router/tcentral.log
16 -10.20.0.10
17
18 *.err;kern.warning;auth.notice;mail.crit /dev/console
19 *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
20 security.* /var/log/security
21 auth.info;authpriv.info /var/log/auth.log
22 mail.info /var/log/maillog
23 lpr.info /var/log/lpd-errs
24 ftp.info /var/log/xferlog
25 local7.* /var/log/router/3620.log
26 cron.* /var/log/cron
27 *.=debug /var/log/debug.log
28 *.emerg *
29 !startslip
30 *.* /var/log/slip.log
31 !ppp
32 *.* /var/log/ppp.log
and with syslogd in debug mode I see this:
and tcvthname(10.20.250.38)
logmsg: pri 276, flags 0, from 10.20.250.38, msg 1262: Jun 14
18:13:04.770: %SEC-6-IPACCESSLOGP: list 2044 denied udp
10.20.18.28(1039) -> 10.20.0.212(161), 1 packet
Logging to FILE /var/log/router/clinton.log
Logging to FILE /var/log/router/3620.log
cvthname(10.20.250.42)
logmsg: pri 276, flags 0, from 10.20.250.42, msg 68: Jun 14
18:13:04.835: %SEC-6-IPACCESSLOGP: list 2044 denied udp 10.20.8.57(1040)
-> 10.20.3.60(161), 4 packets
Logging to FILE /var/log/router/columbus.log
Logging to FILE /var/log/router/3620.log
I do not understand why the local7.* is still getting caught.. From what
I understood from the man page, the - tells it to stop logging from that
host.
Whatever the last 'host' entry is in the syslog.conf that host will not
log into both files.
From the 10.20.0.10 host I have configured syslog:
local7.* @10.20.0.29
and when I run logger:
date | logger -p local7.debug
cvthname(10.20.0.10)
logmsg: pri 277, flags 0, from 10.20.0.10, msg Jun 14 14:21:03 bcook:
Thu Jun 14 14:21:03 EDT 2007
Logging to FILE /var/log/router/tcentral.log
I get what I think I should..
Why do the previous entries not act the same as the last one?
What am I missing?
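
An added example, not part of the original post: a small Python model of how FreeBSD's syslogd applies `+host` / `-host` lines, run over the host-block lines of the posted config plus the `local7.*` rule. It assumes the syslog.conf(5) semantics that `-host` means "every host except this one" and stays in effect until the next host line, and that comma-separated host lists are accepted; selector matching is reduced to the facility, and the `FIXED` variant is a constructed candidate fix.

```python
# Model of FreeBSD syslogd host blocks ("+host" / "-host") applied to an
# excerpt of the posted syslog.conf. Selector matching is simplified to the
# facility part only (levels are ignored): an assumption of this sketch.

POSTED = """\
+10.20.250.54
*.* /var/log/router/circle.log
-10.20.250.54
+10.20.250.42
*.* /var/log/router/columbus.log
-10.20.250.42
+10.20.250.38
*.* /var/log/router/clinton.log
-10.20.250.38
+10.20.0.10
*.* /var/log/router/tcentral.log
-10.20.0.10
local7.* /var/log/router/3620.log
"""

ROUTERS = ["10.20.250.54", "10.20.250.42", "10.20.250.38", "10.20.0.10"]
# Candidate fix (constructed): one exclusion block naming every router.
FIXED = POSTED.replace("-10.20.0.10\n", "-" + ",".join(ROUTERS) + "\n")


def host_allows(spec, host):
    """spec is None (any host), '+a,b' (only a or b) or '-a,b' (all but a, b)."""
    if spec is None:
        return True
    listed = host in spec[1:].split(",")
    return listed if spec[0] == "+" else not listed


def destinations(conf, host, facility):
    """Return the files a message from `host` with `facility` is written to."""
    spec, out = None, []
    for line in conf.splitlines():
        line = line.strip()
        if not line:
            continue
        if line[0] in "+-":
            # A new host line replaces the previous one; "+*" resets to any host.
            spec = None if line[1:] == "*" else line
            continue
        selector, action = line.split(None, 1)
        if selector.split(".")[0] in ("*", facility) and host_allows(spec, host):
            out.append(action)
    return out
```

In this model only the final `-10.20.0.10` is still in effect when `local7.*` is read, which reproduces the debug output above: the other routers also reach 3620.log, while 10.20.0.10 does not.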