Ifdef statement in syslog.conf

Hello,
What do the following lines in syslog.conf mean:
auth.notice               ifdef(`LOGHOST', /var/log/authlog, @loghost)
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *
How do I configure syslog to send messages to both a local file and the loghost server?
Thanks and regards,
Piotr

Hi,
syslog.conf is processed by m4(1) before it is used. Please see syslog.conf(4):
The file /etc/syslog.conf contains information used by the system log daemon, syslogd(1M), to forward a system message to appropriate log files and/or users. syslogd preprocesses this file through m4(1) to obtain the correct information for certain log files, defining LOGHOST if the address of "loghost" is the same as one of the addresses of the host that is running syslogd.
Taking the first statement: If you want to log auth.notice to both /var/log/authlog and to a remote loghost
you may want to change the line into something like:
auth.notice                         /var/log/authlog
auth.notice                         @loghost
Make sure not to create forwarding loops that way.
Regards,
  Ronald
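As an added illustration of the m4 processing Ronald describes (not code from the thread, nor from Solaris), the following Python expands the ifdef(`LOGHOST', ...) lines with a small m4 subset and lists which rules a client and the loghost actually load; it also flags the forwarding loop Ronald warns about when an unconditional `@loghost` rule ends up on the loghost itself. The sample configuration is constructed from the thread's lines, and it is assumed that the name 'loghost' is an alias of the central server.

```python
"""Expand the m4 ifdef(`LOGHOST', ...) constructs of a Solaris-style
syslog.conf and list the rules syslogd would load on the loghost versus on
a client.  A tiny m4 subset written for this illustration, not m4(1)."""

# Constructed sample modelled on the thread's lines; the closing ")" that
# ends the multi-line ifdef is part of the stock Solaris file.
SAMPLE_CONF = (
    "# non-loghost machines log 'user' messages locally\n"
    "auth.notice\t\tifdef(`LOGHOST', /var/log/authlog, @loghost)\n"
    "mail.debug\t\tifdef(`LOGHOST', /var/log/syslog, @loghost)\n"
    "ifdef(`LOGHOST', ,\n"
    "user.err\t\t/dev/sysmsg\n"
    "user.err\t\t/var/adm/messages\n"
    "user.alert\t\t`root, operator'\n"
    "user.emerg\t\t*\n"
    ")\n"
)
# Ronald's unconditional rewrite: log locally and forward, on every host.
REWRITE = "auth.notice\t\t/var/log/authlog\nauth.notice\t\t@loghost\n"
IFDEF = "ifdef("


def _split_args(body):
    """Split ifdef arguments on top-level commas, honouring m4 `...' quoting
    (one level stripped) and nested parentheses; returns args, index past ')'."""
    args, cur, depth, quote = [], [], 0, 0
    for i, ch in enumerate(body):
        if ch == "`":
            quote += 1
            if quote > 1:               # inner quotes survive one level
                cur.append(ch)
        elif ch == "'" and quote:
            quote -= 1
            if quote:
                cur.append(ch)
        elif quote or ch not in "(),":
            cur.append(ch)
        elif ch == "(":
            depth += 1
            cur.append(ch)
        elif ch == ")" and depth:
            depth -= 1
            cur.append(ch)
        elif ch == ")":
            args.append("".join(cur).lstrip())   # m4 drops leading blanks
            return args, i + 1
        elif depth:                     # comma nested inside parentheses
            cur.append(ch)
        else:                           # top-level comma: next argument
            args.append("".join(cur).lstrip())
            cur = []
    raise ValueError("unterminated ifdef(")


def expand_ifdef(text, defined):
    """Replace each ifdef(`NAME', then, else) with the branch selected by
    the set of defined macro names (missing branches expand to nothing)."""
    out, pos = [], 0
    while True:
        start = text.find(IFDEF, pos)
        if start < 0:
            out.append(text[pos:])
            return "".join(out)
        out.append(text[pos:start])
        args, used = _split_args(text[start + len(IFDEF):])
        args += [""] * (3 - len(args))
        out.append(args[1] if args[0] in defined else args[2])
        pos = start + len(IFDEF) + used


def active_rules(conf, is_loghost):
    """(selector, action) pairs syslogd would load.  syslogd defines LOGHOST
    only where 'loghost' resolves to one of the host's own addresses."""
    expanded = expand_ifdef(conf, {"LOGHOST"} if is_loghost else set())
    rules = []
    for line in expanded.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            selector, _, action = line.partition("\t")   # tab-separated
            rules.append((selector.strip(), action.strip()))
    return rules


def self_forwarding(rules, local_names):
    """@host actions that point back at this machine: on the loghost itself
    they re-inject every matching message, the loop Ronald warns about."""
    return [(sel, act) for sel, act in rules
            if act.startswith("@") and act[1:].split(":")[0] in local_names]


if __name__ == "__main__":
    for role, flag in (("client", False), ("loghost", True)):
        print(f"--- rules active on the {role} ---")
        for sel, act in active_rules(SAMPLE_CONF, flag):
            print(f"  {sel:<12}{act}")
    # Assumption: 'loghost' is an alias of the central server itself.
    print("rewrite on the loghost forwards to itself:",
          self_forwarding(active_rules(REWRITE, True), {"loghost"}))
```

With the ifdef guard the loghost keeps its local files and the clients forward; the two-line rewrite must therefore only be deployed on machines that are not the loghost, or the `@loghost` line becomes a loop.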

Similar Messages

  • Configuration issue of syslog.conf

    Dear All,
    My client is facing a configuration issue with syslog.conf.
    They have set up Cacti on a Linux server for monitoring of all servers via SNMP and syslog.
    The SNMP part has been set up successfully, but syslog cannot be sent to Cacti.
    My client wants the syslog to stay on the localhost and also be sent to Cacti for monitoring.
    We have tried the following things to make it work:
    Insert the information (*.* @10.251.99.74) in /etc/syslog.conf
    Restart the system-log service
    Deleted every occurrence of the word loghost in the /etc/hosts file
    But it still does not work. Can anyone give me a suggestion or idea about this?

    Thank you for your reply.
    It is a tab. But I think the problem is that Solaris cannot use *.* to represent all logs.
    I have used the following and it works:
    *.err;ker.debug;daemon.notice;mail.crit @10.251.99.74
    If that is not the main reason, please put me right.

  • Missing syslog.conf file in /etc folder!

    How do I create a syslog.conf file that I need in the /etc folder to resolve an issue with DoorStop?

    /etc/syslog.conf already exists - you just need to edit it to your needs.
    The issue, of course, is that only root can edit this file. Your best bet is to run your favorite text editor using sudo in Terminal.app, e.g.:
    sudo vi /etc/syslog.conf

  • Deleted syslog.conf file

    Hello. I was trying to configure proftpd and intended to delete proftpd.conf, but instead I deleted syslog.conf. I am using the following version of Mac OS X:
    System Version: Mac OS X 10.4.10 (8R2232)
    Kernel Version: Darwin 8.10.1
    Could somebody with a similar configuration please post the contents of their syslog.conf file so that I can re-create the file on my system without having to re-install the OS?

  • Cisco Prime Soft Appliance not saving changes to syslog.conf

    Greetings,
    I'm having an issue with the syslog.conf file on a Cisco Prime LMS 4.2.4 soft appliance with a Solaris base.  My workplace uses local4 as the logging facility for its network devices, and according to a discussion I found on this site, I need to add the line:
    local4.info  /var/log/syslog_info
    I have attempted this several times; we're approaching at least 5 attempts today.  I have attached text files created from putty logs where I've attempted to make the necessary change.  I appreciate any assistance the community can provide.
    Regards,
    Rob

    Hi, Afroz,
    I really appreciate your assistance, but I'm afraid my hopes have been dashed.  The syslog.conf reverted to its original configuration.  I will go through my steps to be sure that I understood your suggestion properly.
    I edited the syslog.conf to put all messages from local4 in /opt/CSCOpx/conf/syslog-entries.txt.  Then, I exited the shell to the console, issued the 'write mem' command, and closed the session.  Upon my reconnection, I found that my changes to the syslog.conf were not saved.
    Did I make the correct edits in the correct places?  Another question, is this bug present in the versions of Prime LMS running Linux and/or Windows, or does it only exist in the soft appliance running Solaris?
    Regards,
    Rob
    Edit:
    I'm reading the "Installation and Migration of Cisco Prime" PDF, and it gives me the impression that Cisco Prime is only supported as Windows, Solaris, and soft appliance installations.  Is that correct?  If it is correct, then installation of Cisco Prime LMS is not supported on other Linux distros such as Ubuntu Server, CentOS, Fedora, etc.?
    My thanks.

  • Syslog.conf settings

    I'm seeing tons of syslog entries in /var/log/messages. When I look at the logs they are mostly duplicates of what I see in the syslog_info file. Due to this my /var/log is filling up very fast. Do I need to update my syslog.conf file? What are the recommended settings for Prime LMS 4.2?
    -rw------- 1 root  root    808570913 Dec 16 04:05 messages.1
    -rw-rw-r-- 1 root  sys   14259416649 Dec 17 08:59 syslog_info
    -rw------- 1 root  root    201355173 Dec 17 08:59 messages
    Here is my current syslog.conf file
    local6.info                                                                     /var/log/ade/ADE.log
    *.info;mail.none;news.none;authpriv.none;cron.none;local0.none;local1.none      /var/log/messages
    authpriv.*                                                                      /var/log/secure
    mail.*                                                                          -/var/log/maillog
    cron.*                                                                          /var/log/cron
    *.emerg                                                                         *
    uucp,news.crit                                                                  /var/log/spooler
    local7.*                                                                        /var/log/boot.log
    #Application LMS Generated config
    #BEGIN CSCOmd - DO NOT EDIT THESE COMMENTS OR CONTENTS CONTAINED WITHIN - local0 1
    local0.emerg;local0.alert;local0.crit;local0.err;local0.warning;local0.notice;local0.info;local0.debug  /var/adm/CSCOpx/log/dmgtd.log
    #END CSCOmd DO NOT EDIT BEFORE THIS LINE  1
    local7.info  /var/log/syslog_info

    Usually we don't recommend changing anything in syslog.conf. syslog_info is the file where all the syslogs coming from network devices pointed at the LMS server are written.
    Usually they should be controlled at the device level by checking the logging level of the devices.
    Mostly ASAs/firewalls send an excessively huge amount of syslogs to the LMS server, which should be controlled. Also, you can check the logrot utility to keep the syslog_info log size in check. Logrot is a log file rotation utility in LMS.
    Log files can expand and fill up disk space. Log file rotation helps you manage the log files more efficiently. See Maintaining Log Files for an overview of maintaining the log files on the LMS server.
    For more details on logrot check the user guide:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/server.html#wp1055307
    -Thanks

  • Syslog.conf woes

    I have configured my /etc/syslog.conf to split up my whole-house central logs, however I am missing something.  All log files are getting all the data.  I had this perfect last week, did a restore, and had to re-author it and am getting super frustrated.  All the docs are so conflicting, so I'm looking for someone to just smack me in the right direction.
    # /etc/syslog.conf
    +switch1.mydomain
    *.*             /var/log/mydomain/switch1.mydomain
    +switch2.mydomain
    *.*             /var/log/mydomain/switch2.mydomain
    ========
    -rw-r--r--   1 root  wheel  1946 May  6 09:22 switch1.mydomain
    -rw-r--r--   1 root  wheel  1946 May  6 09:22 switch2.mydomain
                                       ^^^^^
          All logs are going to all files. 
    Some folks say put a +* after the *.*  or a ! or a *+ or a this or a that.
    What is the correct answer?
    While you're here, what is the appropriate syntax to have a master file, based upon ip subnet
    +1.2.3.*
    *.* /var/log/myfile
    and how do I filter myself (the mac)
    +1.2.3.* but filter 1.2.3.10
    *.* /var/log/myfile

    Obviously since I had stuff streaming to syslog, I had already put that there.
    I have plutil whatnot -binary1.  So the config files, I converted to xml, edited, restored to binary, ran the things you are supposed to run.  I have since done several clean reboots.
    The current question is why do I have this all configured properly, however acl.conf is being basically ignored?
    > plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > pico /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > plutil -convert binary1 /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
    ===============
    == /System/Library/LaunchDaemons/com.apple.syslogd.plist
    ===============
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
            <key>EnableTransactions</key>
            <true/>
            <key>EnvironmentVariables</key>
            <dict>
                    <key>ASL_DISABLE</key>
                    <string>1</string>
            </dict>
            <key>HopefullyExitsLast</key>
            <true/>
            <key>JetsamProperties</key>
            <dict>
                    <key>JetsamMemoryLimit</key>
                    <integer>300</integer>
                    <key>JetsamPriority</key>
                    <integer>-49</integer>
            </dict>
            <key>Label</key>
            <string>com.apple.syslogd</string>
            <key>MachServices</key>
            <dict>
                    <key>com.apple.system.logger</key>
                    <dict>
                            <key>ResetAtClose</key>
                            <true/>
                    </dict>
            </dict>
            <key>OnDemand</key>
            <false/>
            <key>ProgramArguments</key>
            <array>
                    <string>/usr/sbin/syslogd</string>
                    <string>-bsd_out</string>
                    <string>1</string>
            </array>
            <key>Sockets</key>
            <dict>
                    <key>AppleSystemLogger</key>
                    <dict>
                            <key>SockPathMode</key>
                            <integer>438</integer>
                            <key>SockPathName</key>
                            <string>/var/run/asl_input</string>
                    </dict>
                    <key>BSDSystemLogger</key>
                    <dict>
                            <key>SockPathMode</key>
                            <integer>438</integer>
                            <key>SockPathName</key>
                            <string>/var/run/syslog</string>
                            <key>SockType</key>
                            <string>dgram</string>
                    </dict>
                    <key>NetworkListener</key>
                    <dict>
                            <key>SockServiceName</key>
                            <string>syslog</string>
                            <key>SockType</key>
                            <string>dgram</string>
                    </dict>
            </dict>
    </dict>
    </plist>
    ===============
    === /etc/syslog.conf
    ===============
    bash-3.2# cat /etc/syslog.conf
    # Note that flat file logs are now configured in /etc/asl.conf
    install.*                                               @127.0.0.1:32376
    local6.warn                                             /Library/Logs/Mail/mailaccess.log
    =============
    === /etc/asl.conf
    =============
    # Mail access log facility
    ? [= Facility dovecot] [<= Level info] file /Library/Logs/Mail/mailaccess.log mode=0640 uid=214 gid=6 format=bsd
         ======= [Standard file above here] ==========
         ===== mydomain is actually a FQDN that I redacted
         ====================================
    # example showing how everything above this is out-of-the box standard...  My stuff @ the end of asl.conf
    #mydomain
    ? [= Host core1.mydomain] file /var/log/mydomain/core1.mydomain
    ? [= Host switch1.mydomain] file /var/log/mydomain/switch1.mydomain
    ? [= Host switch2.mydomain] file /var/log/mydomain/switch2.mydomain
    ? [= Host wirelessu.mydomain] file /var/log/mydomain/wirelessu.mydomain
    ? [= Host wirelessd.mydomain] file /var/log/mydomain/wirelessd.mydomain
    ? [= Host air1.mydomain] file /var/log/mydomain/air1.mydomain
    ? [= Host cap1.mydomain] file /var/log/mydomain/cap1.mydomain
    ? [= Host tv1.mydomain] file /var/log/mydomain/tv1.mydomain
    ? [Z= Host .mydomain] file /var/log/mydomain/mydomain aslmanager_debug=1
    ===============
    == bash-3.2# ls -la /var/log/mydomain/
    ===============
    total 0
    drwxr-xr-x  11 root  wheel   374 May  6 11:02 .
    drwxr-xr-x  69 root  wheel  2346 May  6 11:31 ..
    -rw-r--r--   1 root  wheel     0 May  6 11:02 air1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 cap1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 core1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 switch1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 switch2.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 tv1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 wirelessd.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 wirelessu.mydomain
    Recap...
    When I edit syslog.conf, I was getting my data, however my understanding of syslog is way too advanced - this - that - huge arrays of syslog servers - ngsyslog - logrotate - newsyslog - the works.. but when I edit the OG classic BSD format, I fail with the !'s and +'s... so I was asking for help there.  Also I tried to do asl.conf first, and that gave me 0 byte files.  I did prove that I am getting syslog data and routing it when using syslog.conf; just due to my borked config, all logs were going to all files.  So now I rolled that back and am just using asl.conf, but I get no logs.

  • What is syslog.conf facility?

    what is syslog.conf facility?

    HI,
    /etc/syslog.conf — the configuration file used to control the logging and routing of system log events
    For more details please refer to http://www.nongnu.org/lpi-manuals/lpi-102/html/ch09.html#syslogconf
    Regards
    Terry

  • Oracle auditing using syslogs

    Hello all....I am working on setting up the auditing to write to syslogs. I am having trouble understanding what to use for the facility and level. Can anyone point me in the right direction as to what these facilities and levels mean?
    TIA

    I believe those terms are related to syslog, which is used on nix systems. If you are using nix then you should check the man page on syslog.conf.
    As the docs state, the facility indicates where the message is coming from (such as the kernel, cron, local0 - local7), and there's the level, which indicates how urgent the message is (info, warning, critical...).
    I say this without ever actually having used it, though...
    If you're using Windows, well, .... I can't say.

  • Syslog logging issues

    I am having trouble setting up a server for syslogd files on Solaris 10 update 8 (October release, I think). I have this working fine on another machine; it has Solaris 10 update 7, although I doubt that the difference in Solaris updates is the problem. The working machine is host "Ysera" and the non-working machine is host "malygos".
    I have logs coming from a remote host, and I'd like them to be logged to their own log file (travistest). They are coming in through the local4 facility.
    Following is the syslog.conf file. This file is identical for both hosts.
    ### comments ####
    local4.debug                     /tmp/travistest
    local3.debug                     /tmp/travistest
    local1.debug                     /tmp/travistest
    *.debug                            /var/adm/messages
    *.alert                              root
    #  These are tabs and NOT spaces, and no trailing whitespace after the action
    The /etc/services file DOES have the line. This is true for both machines.
    syslog      514/udp
    I can verify that remote logging is activated on both:
    root@malygos#svccfg -s system-log listprop | grep remote
    config/log_from_remote                     boolean true
    root@ysera#svccfg -s system-log listprop | grep remote
    config/log_from_remote                     boolean true true true
    Any idea why Ysera gives a value of "true true true"?? That is crazy talk to me. Also, strangely, look at the /etc/default/syslogd for Ysera (the working machine)
    # all those comments that say that this file is deprecated
    # The LOG_FROM_REMOTE setting used to affect the logging of remote messages.
    # Its definition here will override the svccfg(1M) settings for log_from_remote
    # log_from_remote=yes
    log_from_remote is still commented out!! So how is it still active?
    I have altered the /etc/default/syslogd file on the Malygos (non-working) machine to match this, and also to uncomment it, and had no luck. I've attempted to use the setprop command to match the "true true true" property and received a syntax error. I tried again trying to put quotes around the "true true true", single quotes, ticks, no marks, and nothing works.
    Does anyone have any ideas how I can get the remote log to work?? I know that the port is open...
    root@malygos#netstat -an | grep 514
        *.514                         *.*                         0            0      49152           0         LISTEN
    I cannot just make Ysera my log server. Both of these machines are development machines and do not carry the "gold" copy of the system files. In order to send a delivery I need to know why Ysera is working so I can duplicate that code for our final product. Thanks ahead of time for any ideas.

    Thanks again for the response!!
    root@malygos#svcs -a | grep ipf
    disabled 13:59:02 svc:/network/ipfilter:default
    ipf.conf
    root@malygos#cat /etc/ipf/ipf.conf | grep 514
    pass in quick proto tcp from pool/700 to any port = 514 keep state
    pass in quick proto udp from pool/800 to any port = 514
    root@ysera#more /etc/ipf/ipf.conf
    #ipf.conf
    # IP Filter rules to be loaded during startup
    # See ipf(4) manpage for more information on
    #IP Filter rules syntax
    Despite the IP filter being disabled, I think that these files being so different is a sign of something. I'll have to check with the team to see why they are different, because I don't think that they are supposed to be!! (let me know if I'm chasing a ghost again)
    The machines are on the same subnet, and I have used Malygos to send messages OUT and have Ysera receive them...and that works fine. It will not work backwards though, so I agree it's a blocked port or perhaps some of the scripts that start syslogd are not providing the -r option as I expect. A big part of me just wants to jump to Ysera and make that our baseline...but I need to be able to replicate the files. Currently I'm trying to alter /lib/svc/method/system-log to force the -r option. (no worries...I kept the original :-)
    I'm also trying to get it to log the parameters that syslogd is started with...so I know exactly what the computer THINKS its doing.
    Thanks again dude!!
    Edited by: mandarbshadar on Mar 2, 2010 10:34 AM

  • Trying to configure syslog process, for Oracle auditing, Oracle 10gR2

    Folks,
    I am trying to use the OS (UNIX, Sun Solaris 10) syslog process, so that I can write my Oracle db 10gR2 audit logs to a location where the Oracle userid on unix cannot modify/delete them.
    For that I have set the following values in the Oracle 10gR2 parameters:
    audit_file_dest string /flood/u01/app/oracle/product/10.2.0/db_1/rdbms/audit
    audit_sys_operations boolean TRUE
    audit_syslog_level string USER
    audit_trail string OS
    Actually I have set audit_syslog_level = 'user.notice' value in the database
    Also made following entry in the syslog.conf file
    ## oracle audit records
    user.notice /var/log/oraaudit.log
    # if a non-loghost machine chooses to have authentication messages
    # sent to the loghost machine, un-comment out the following line:
    #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
    mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
    # non-loghost machines will use the following lines to cause "user"
    # log messages to be logged locally.
    ifdef(`LOGHOST', ,
    user.err /dev/sysmsg
    user.err /var/adm/messages
    user.alert `root, operator'
    user.emerg *
    It is still not logging the audit logs in that location.
    What am I missing here?
    Thanks for your help.
    Ashish

    By chance did you restart the database and syslogd? ( I think that a "kill -1 syslogd" will work for that.)
    Your configuration looks very similar to what I did - and mine is working ok. One difference I noticed: when I do the "show parameter audit", I get the whole string of "audit_syslog_level string LOCAL5.NOTICE"
    Greg

  • Syslog logging for zone.cpu-shares ???

    Hi,
    I have defined two zones (zone1 and zone2) and set zone.cpu-shares in global zone.
    I've set also global state for zone.cpu-shares for logging.
    The question is why I do not get any messages in "/var/adm/messages.warning" when some zone uses more cpu-shares than defined??
    Configuration follows:
    root@sol10test# prctl -i zone 0 1 2
    zone: 0: global
    zone.cpu-shares
            privileged         20       -   none                                 -
            system          65.5K     max   none                                 -
    zone: 1: zone2
    NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
    zone.cpu-shares
            privileged         10       -   none                                 -
            system          65.5K     max   none                                 -
    zone: 2: zone1
    NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
    zone.cpu-shares
            privileged         70       -   none                                 -
            system          65.5K     max   none                                 -
    root@sol10test# rctladm
    zone.cpu-shares             syslog=warning [ no-basic no-deny no-signal count ]
    root@sol10test# cat /etc/syslog.conf
    *.warning                                       /var/adm/messages.warning
    ...P.S. does not work with syslog=notice either :((

  • Design flaw in logadm(1M)/logadm.conf(4) and patch bug

    I really like logadm(1M)/logadm.conf(4) but it has a design flaw:
    1) /etc/logadm.conf should be a clean conf and not interfered with /var-ish state data!
    Please move the "Timestamps" to somewhere else!
    /etc/logadm.conf should be distributable (scp/rsync/rdist) to a fleet of similar servers. Now it is not.
    2) I have a non-default /etc/syslog.conf and /var/adm/messages is not the syslog here.
    I have changed /etc/logadm.conf accordingly and made /var/adm/messages a symlink to the kernel log for convenience, and it works perfectly until I patch.
    I'm annoyed by Sun patches that insist on putting /var/adm/messages back into /etc/logadm.conf every now and then.
    Sun patches should not alter config files that have been customized, but rather give a hint by placing a .new file (or so) alongside.
    I guess 2) is related to 1) as /etc/logadm.conf is always "customized" by timestamps.
    Pål

    Hi Harry (and others),
    I have seen similar behavior. It seems like the client side rendering for some reason has a hard time processing the collection model wrapping the ArrayList in this particular case. The table renders empty. After sorting in ascending order, the rows are all back (visible) again.
    Is anyone aware of issues with the rich table based directly on ArrayList (in combination with a changing set of values and/or sorting)? (seems like a corner case but is still not uncommon). Is there any indication that wrapping the ArrayList in a CollectionModel ourselves might be required?
    Harry: do you know whether this issue is introduced with PS3 (11.1.1.4) or already existed in previous releases?
    kind regards,
    Lucas

  • Spanning-tree syslog messages

    Hi
    I am trying to get spanning-tree logging events. Path: "conf t - int gi 0/1 - logging event status and spanning tree". After a spanning-tree change (taking the cable off a switch which has two legs to the core) no spanning-tree syslogs appear. I was waiting for spanning-tree state change syslogs but I could not see any spanning-tree syslogs. Any experience?
    Switch WS-C2970G-24TS-E
    ios c2970-i6k91l2-mz.122-20.SE3.bin
    Juha

    Hi Juha,
    Can you please confirm whether you are trying to see the logs on the console, in a telnet session or on a syslog server.
    Also, have you changed any logging level, or is it the default?
    Regards,
    Ankur

  • Can't get syslog to work

    I have been trying to get syslog to work to accept logging from my router (which is directed to syslog to the IP address of my primary Mac), but with no success.
    I've gone through Aaron Adams' procedures:
    http://www.aaronadams.net/index.php/2005/06/02/configuringsyslogd_to_accept_logsfrom
    I've edited my /etc/syslog.conf file:
    *.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit /dev/console
    *.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit /var/log/system.log
    # COMMENT this out for now to see any local4 messages on system log?
    # ;local4.none
    # Send messages normally sent to the console also to the serial port.
    # To stop messages from being sent out the serial port, comment out this line.
    #*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial
    # The authpriv log file should be restricted access; these
    # messages shouldn't go to terminals or publically-readable
    # files.
    authpriv.*;remoteauth.crit /var/log/secure.log
    lpr.info /var/log/lpr.log
    mail.* /var/log/mail.log
    ftp.* /var/log/ftp.log
    netinfo.err /var/log/netinfo.log
    install.* /var/log/install.log
    install.* @127.0.0.1:32376
    local0.* /var/log/ipfw.log
    *.emerg *
    local0.* /var/log/Airport.log
    local4.* /var/log/local4.log
    # DEBUG: what happens on the other local facilities?
    local1.* /var/log/local1.log
    local2.* /var/log/local2.log
    local3.* /var/log/local3.log
    local5.* /var/log/local5.log
    local6.* /var/log/local6.log
    local7.* /var/log/local7.log
    I've re-loaded /System/Library/LaunchDaemons/com.apple.syslogd.plist, and edited /etc/daily.local, and those mechanisms are working, but always local4.log is an empty file. Empty log files exist in /var/log:
    $ ls -al /var/log | grep "local"
    -rw-r--r-- 1 root wheel 0 Dec 11 11:56 local1.log
    -rw-r--r-- 1 root wheel 41975 Mar 16 16:38 local2.log
    -rw-r--r-- 1 root wheel 0 Dec 11 11:56 local3.log
    -rw-r--r-- 1 root wheel 0 Mar 20 03:15 local4.log
    -rw-r--r-- 1 root wheel 0 Dec 11 11:56 local5.log
    -rw-r--r-- 1 root wheel 0 Dec 11 11:56 local6.log
    -rw-r--r-- 1 root wheel 0 Dec 11 11:56 local7.log
    netstat shows two syslog connections:
    $netstat -f inet -a | grep "syslog"
    udp4       0      0  *.syslog               *.*
    udp46      0      0  *.syslog               *.*
    But a port scan (Apple network Utility) from another LAN computer doesn't show port 514 open. I am not running Apple's software firewall.
    It seems to me that without port 514 open, I'll never get anything, but how do I open it? I had assumed that all of the syslog set-up gyrations would cause it to be open.
    Any ideas?
    G4 "Gigabit" Dual-500   Mac OS X (10.4.8)   1.5GB RAM, 1TB internal, SCSI, 802.11g, USB2.0

    Your question about local4 got me to dig further into a few things.
    Aaron Adams has a couple of good posts on how to set up the syslog.conf and daily actions:
    http://www.aaronadams.net/index.php/2005/06/02/configuringsyslogd_to_accept_logsfrom
    But the following article is what got me on the local4 bandwagon (I don't know why it assumes local4 would be used):
    http://www.macosxhints.com/article.php?story=20060327074531639
    As we now know nothing happens on local4 unless it is specifically set up to do so. The following article has the best big-picture summary and references on how to handle logs from different sources (i.e., setting up syslog to redirect messages from the IP address of my router to a special log:
    http://macosx.com/forums/howto-faqs/47791-howto-syslog-remote-events-etc.html
    Anyway, to make a long story short, the router IS actually sending to syslog (I was expecting messages in local4 and never saw anything in syslog because it only shows *.notice and above, and the router mainly spews out *.info). It took a bunch of playing with tcpdump to figure it out (I can't seem to get tcpflow to show UDP, even though the man page says it uses the same library and expressions as tcpdump). So everything is good now: messages are coming in to a special log and overwhelming syslog, logs get rotated properly overnight, with some filtering I get the distilled info I want, and via GeekTool I even see it on my desktop in real time. Thanks for your help!
