What is syslog.conf facility?

what is syslog.conf facility?

Hi,
/etc/syslog.conf — the configuration file used to control the logging and routing of system log events
For more details please refer to http://www.nongnu.org/lpi-manuals/lpi-102/html/ch09.html#syslogconf
Regards
Terry

Similar Messages

  • Syslog.conf woes

    I have configured my /etc/syslog.conf to split up my whole-house central logs, however I am missing something.  All log files are getting all the data.  I had this perfect last week, did a restore, and had to re-author it and am getting super frustrated.  All the docs are so conflicting so I'm looking for someone to just smack me in the right direction.
    # /etc/syslog.conf
    +switch1.mydomain
    *.*             /var/log/mydomain/switch1.mydomain
    +switch2.mydomain
    *.*             /var/log/mydomain/switch2.mydomain
    ========
    -rw-r--r--   1 root  wheel  1946 May  6 09:22 switch1.mydomain
    -rw-r--r--   1 root  wheel  1946 May  6 09:22 switch2.mydomain
                                       ^^^^^
          All logs are going to all files. 
    Some folks say put a +* after the *.*  or a ! or a *+ or a this or a that.
    What is the correct answer?
    While you're here, what is the appropriate syntax to have a master file, based upon ip subnet
    +1.2.3.*
    *.* /var/log/myfile
    and how do I filter myself (the mac)
    +1.2.3.* but filter 1.2.3.10
    *.* /var/log/myfile

    Obviously since I had stuff streaming to syslog, I had already put that there.
    I have plutil whatnot -binary1.  So the config files, I converted to xml, edited, restored to binary, ran the things you are supposed to run.  I have since done several clean reboots.
    The current question is why do I have this all configured properly, however acl.conf is being basically ignored?
    > plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > pico /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > plutil -convert binary1 /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
    > launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
    ===============
    == /System/Library/LaunchDaemons/com.apple.syslogd.plist
    ===============
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
            <key>EnableTransactions</key>
            <true/>
            <key>EnvironmentVariables</key>
            <dict>
                    <key>ASL_DISABLE</key>
                    <string>1</string>
            </dict>
            <key>HopefullyExitsLast</key>
            <true/>
            <key>JetsamProperties</key>
            <dict>
                    <key>JetsamMemoryLimit</key>
                    <integer>300</integer>
                    <key>JetsamPriority</key>
                    <integer>-49</integer>
            </dict>
            <key>Label</key>
            <string>com.apple.syslogd</string>
            <key>MachServices</key>
            <dict>
                    <key>com.apple.system.logger</key>
                    <dict>
                            <key>ResetAtClose</key>
                            <true/>
                    </dict>
            </dict>
            <key>OnDemand</key>
            <false/>
            <key>ProgramArguments</key>
            <array>
                    <string>/usr/sbin/syslogd</string>
                    <string>-bsd_out</string>
                    <string>1</string>
            </array>
            <key>Sockets</key>
            <dict>
                    <key>AppleSystemLogger</key>
                    <dict>
                            <key>SockPathMode</key>
                            <integer>438</integer>
                            <key>SockPathName</key>
                            <string>/var/run/asl_input</string>
                    </dict>
                    <key>BSDSystemLogger</key>
                    <dict>
                            <key>SockPathMode</key>
                            <integer>438</integer>
                            <key>SockPathName</key>
                            <string>/var/run/syslog</string>
                            <key>SockType</key>
                            <string>dgram</string>
                    </dict>
                    <key>NetworkListener</key>
                    <dict>
                            <key>SockServiceName</key>
                            <string>syslog</string>
                            <key>SockType</key>
                            <string>dgram</string>
                    </dict>
            </dict>
    </dict>
    </plist>
    ===============
    === /etc/syslog.conf
    ===============
    bash-3.2# cat /etc/syslog.conf
    # Note that flat file logs are now configured in /etc/asl.conf
    install.*                                               @127.0.0.1:32376
    local6.warn                                             /Library/Logs/Mail/mailaccess.log
    =============
    === /etc/asl.conf
    =============
    # Mail access log facility
    ? [= Facility dovecot] [<= Level info] file /Library/Logs/Mail/mailaccess.log mode=0640 uid=214 gid=6 format=bsd
         ======= [Standard file above here] ==========
         ===== mydomain is actually a FQDN that I redacted
         ====================================
    # example showing how everything above this is out-of-the box standard...  My stuff @ the end of asl.conf
    #mydomain
    ? [= Host core1.mydomain] file /var/log/mydomain/core1.mydomain
    ? [= Host switch1.mydomain] file /var/log/mydomain/switch1.mydomain
    ? [= Host switch2.mydomain] file /var/log/mydomain/switch2.mydomain
    ? [= Host wirelessu.mydomain] file /var/log/mydomain/wirelessu.mydomain
    ? [= Host wirelessd.mydomain] file /var/log/mydomain/wirelessd.mydomain
    ? [= Host air1.mydomain] file /var/log/mydomain/air1.mydomain
    ? [= Host cap1.mydomain] file /var/log/mydomain/cap1.mydomain
    ? [= Host tv1.mydomain] file /var/log/mydomain/tv1.mydomain
    ? [Z= Host .mydomain] file /var/log/mydomain/mydomain aslmanager_debug=1
    ===============
    == bash-3.2# ls -la /var/log/mydomain/
    ===============
    total 0
    drwxr-xr-x  11 root  wheel   374 May  6 11:02 .
    drwxr-xr-x  69 root  wheel  2346 May  6 11:31 ..
    -rw-r--r--   1 root  wheel     0 May  6 11:02 air1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 cap1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 core1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 switch1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 switch2.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 tv1.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 wirelessd.mydomain
    -rw-r--r--   1 root  wheel     0 May  6 11:02 wirelessu.mydomain
    Recap...
    When I edit syslog.conf, I was getting my data, however my understanding of syslog is way too advanced - this - that - huge arrays of syslog servers - ngsyslog - logrotate - newsyslog - the works.. but when I edit the OG classic BSD format, I fail with the !'s and +'s... so I was asking for help there.  Also I tried to do asl.conf first, and that gave me 0 byte files.  I did prove that I am getting syslog data and routing it when using syslog.conf, just due to my borked config, all logs were going to all files.  So now I rolled that back and am just using asl.conf, but I get no logs.

  • Cisco Prime Soft Appliance not saving changes to syslog.conf

    Greetings,
    I'm having an issue with the syslog.conf file on a Cisco Prime LMS 4.2.4 soft appliance with a Solaris base.  My workplace uses local4 as the logging facility for its network devices, and according to a discussion I found on this site, I need to add the line:
    local4.info  /var/log/syslog_info
    I have attempted this several times; we're approaching at least 5 attempts today.  I have attached text files created from putty logs where I've attempted to make the necessary change.  I appreciate any assistance the community can provide.
    Regards,
    Rob

    Hi, Afroz,
    I really appreciate your assistance, but I'm afraid my hopes have been dashed.  The syslog.conf reverted to its original configuration.  I will go through my steps to be sure that I understood your suggestion properly.
    I edited the syslog.conf to put all messages from local4 in /opt/CSCOpx/conf/syslog-entries.txt.  Then, I exited the shell to the console, issued the 'write mem' command, and closed the session.  Upon my reconnection, I found that my changes to the syslog.conf were not saved.
    Did I make the correct edits in the correct places?  Another question, is this bug present in the versions of Prime LMS running Linux and/or Windows, or does it only exist in the soft appliance running Solaris?
    Regards,
    Rob
    Edit:
    I'm reading the "Installation and Migration of Cisco Prime" PDF, and it gives me the impression that Cisco Prime is only supported as Windows, Solaris, and soft appliance installations.  Is that correct?  If it is correct, then installation of Cisco Prime LMS is not supported on other Linux distros such as Ubuntu Server, CentOS, Fedora, etc.?
    My thanks.

  • Syslog.conf settings

    I'm seeing tons of syslog in var/log/messages. When I look at the logs they are mostly duplicates of what I see in the syslog_info file. Due to this my var/log is filling up so fast. Do I need to update my syslog.conf file? What are the recommended settings for Prime LMS 4.2?
    -rw------- 1 root  root    808570913 Dec 16 04:05 messages.1
    -rw-rw-r-- 1 root  sys   14259416649 Dec 17 08:59 syslog_info
    -rw------- 1 root  root    201355173 Dec 17 08:59 messages
    Here is my current syslog.conf file
    local6.info                                                                     /var/log/ade/ADE.log
    *.info;mail.none;news.none;authpriv.none;cron.none;local0.none;local1.none      /var/log/messages
    authpriv.*                                                                      /var/log/secure
    mail.*                                                                          -/var/log/maillog
    cron.*                                                                          /var/log/cron
    *.emerg                                                                         *
    uucp,news.crit                                                                  /var/log/spooler
    local7.*                                                                        /var/log/boot.log
    #Application LMS Generated config
    #BEGIN CSCOmd - DO NOT EDIT THESE COMMENTS OR CONTENTS CONTAINED WITHIN - local0 1
    local0.emerg;local0.alert;local0.crit;local0.err;local0.warning;local0.notice;local0.info;local0.debug  /var/adm/CSCOpx/log/dmgtd.log
    #END CSCOmd DO NOT EDIT BEFORE THIS LINE  1
    local7.info  /var/log/syslog_info

    Usually we don't recommend changing anything in syslog.conf. Syslog_info is the file where all the syslogs coming from the network pointed to the LMS server are written.
    Usually they should be controlled at the device level by checking the logging level of devices.
    Mostly ASA/FWs send an excessively huge amount of syslogs to the LMS server, which should be controlled. Also, you can check the logrot utility to keep the syslog_info log size in check. Logrot is a log file rotation utility in LMS.
    Log files can expand and fill up disk space. Log files rotation helps you manage the log files more efficiently. See
    Maintaining Log Files  for an overview of maintaining the log files in LMS Server.
    For more details on logrot check userguide :
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/server.html#wp1055307
    -Thanks

  • Ifdef statement in syslog.conf

    Hello,
    What do the following lines in syslog.conf mean:
    auth.notice               
    ifdef(`LOGHOST', /var/log/authlog, @loghost)
    ifdef(`LOGHOST', ,
    user.err                                        /dev/sysmsg
    user.err                                        /var/adm/messages
    user.alert                                      `root, operator'
    user.emerg                                      *
    How to configure syslog to send messages to both local file and loghost server.
    Thanks and regards,
    Piotr

    Hi,
    syslog.conf is processed by m4(1) before it is used. Please see syslog.conf(4):
    The file /etc/syslog.conf contains information used  by  the
    system  log daemon, syslogd(1M), to forward a system message
    to appropriate log files and/or users. syslogd  preprocesses
    this  file  through  m4(1) to obtain the correct information
    for certain log files, defining LOGHOST if  the  address  of
    "loghost"  is  the  same as one of the addresses of the host
    that is running syslogd.
    Taking the first statement: If you want to log auth.notice to both /var/log/authlog and to a remote loghost
    you may want to change the line into something like:
    auth.notice                         /var/log/authlog
    auth.notice                         @loghost
    Make sure not to create forwarding loops that way.
    Regards,
      Ronald

  • Configuration issue of syslog.conf

    Dear All,
    My client is facing a configuration issue of syslog.conf.
    They have set up Cacti on a Linux server to monitor SNMP and syslog for all servers.
    The SNMP part has been set up successfully, but the servers cannot send syslog to Cacti.
    My client wants syslog to be kept on the local host and also sent to Cacti for monitoring.
    We have tried the following things to make it work:
    Inserted the information (*.* @10.251.99.74) in /etc/syslog.conf
    Restarted the system-log service
    Deleted every occurrence of the word loghost in the /etc/hosts file
    But it still does not work. Can anyone give me a suggestion or idea about this?

    Thank you for your reply.
    It is a tab. But I think the problem is that Solaris cannot use *.* to represent all logs.
    I used the following and it works:
    *.err;ker.debug;daemon.notice;mail.crit @10.251.99.74
    If that is not the main reason, please put me right.

  • Missing syslog.conf file in /etc folder!

    How do I create a syslog.conf file that I need in the /etc folder to resolve an issue with DoorStop?

    /etc/syslog.conf already exists - you just need to edit it to your needs.
    The issue, of course, is that only root can edit this file. Your best bet is to run your favorite text editor using sudo in Terminal.app, e.g.:
    sudo vi /etc/syslog.conf

  • Deleted syslog.conf file

    Hello. I was trying to configure proftpd and intended to delete proftpd.conf, but instead I deleted syslog.conf. I am using the following version of Mac OS X:
    System Version: Mac OS X 10.4.10 (8R2232)
    Kernel Version: Darwin 8.10.1
    Could somebody with a similar configuration please post the contents of their syslog.conf file so that I can re-create the file on my system without having to re-install the OS?

    /etc/syslog.conf already exists - you just need to edit it to your needs.
    The issue, of course, is that only root can edit this file. Your best bet is to run your favorite text editor using sudo in Terminal.app, e.g.:
    sudo vi /etc/syslog.conf

  • What is vri.conf?

    I'm working on some Apache settings, and I noticed in /private/etc/httpd/users that there is a file for some user vri.conf. What is that about? Is this something someone malicious may have put on my system?
    Can I safely remove this file? As far as I can tell there is no user vri. The contents of the file make /Users/vri/Sites/ available for the web browser.

    Well, the only reference I can find, (no such file on any of my Macs), to vri, osx, and networking is at the bottom of this page...
    http://www.ddbc.edu.tw/eng/conferences/abstracts.html
    Vipassana Research Institute (VRI)

  • Receiving and analyzing syslog messages from facility local3 on LMS4.2 soft appliance.

    Hi,
    All of our enterprise switches are set to send syslog messages from facility local3. This is partly because our Linux syslog server logs its boot syslog messages from facility local7 and we couldn't use the default facility of local7 on our Cisco switches. LMS4.2's syslog daemon is set to receive syslog messages from facility local7. How can I change it so that it can listen for facility local3 and also make sure the syslog analyzer and automated action work fine?
    thanks,
    Kerim

    Hi All,
    I thought it is a good idea to share the workaround my colleague came up with for this problem. There is a file called syslog-entries.txt under /opt/CSCOpx/conf. He added all the entries we needed like:
    local3.*     /var/log/syslog_info
    local5.*   /var/log/syslog_info
    The change was automatically reflected in syslog.conf.
    Now we receive alerts from facilities 3 and 5 besides 7.  Hope this helps anyone who runs into the same issue.

  • Prime LMS 4.1: changing syslog facility

    Hi,
    I have to set up Prime LMS 4.1 soft appliance to a network containing devices that send syslog messages with facility local.6.
    The devices log to a 3rd party NMS too, so changing the facility back to the default value local.7 is not an option.
    By default LMS stores and processes syslog messages with facility local.7.
    Is it possible to change this behaviour?
    I changed the config file /etc/syslog.conf manually by adding the following line:
    local6.info     /var/log/syslog_info
    It had been working well until I restarted the server.
    After reload the content of syslog.conf is reverted back. The line with local6.info is missing.
    How should I permanently change/add the receiving facility?
    Thanks,
    Csaba Garai

    Hi Marvin,
    Thanks for the suggestion.
    I tried to run the script but it did not solve the problem. After reload the syslog.conf reverted back without the line local.6.
    Anyway the syslog daemon of the Soft Appliance OS receives and store incoming messages with ANY facility to file /var/log/messages.
    The problem is that the DFM only shows messages stored in file /var/log/syslog_info.
    Any other idea?
    Regards,
    Csaba

  • Syslog facility kern generates wrong message

    Modified /etc/syslog.conf to contain entry "*.debug     @loghost" and restarted service system-log.
    Placed syslogd in "debug" mode.
    Executed " logger -p kern.6 test-kern"
    The debug console result -
    init(1): syslogd: started
    main(1): off & running....
    writemsg(13): Logging msg 'Mar 11 09:21:27 user-a: [ID 702911 user.info] test-kern' to FORW loghost
    Syslog generated "user.info" instead of "kern.info"

    This is the expected behavior to prevent kern messages coming from userland.
    From syslog(3C) man page:
         LOG_KERN      Messages generated by the kernel. These cannot
                       be generated by any user processes.
    When kern facility is used, the facility is reverted to the default one:
         The  initial  default  facility  is LOG_USER.
    -- Renaud

  • What needs to be configured in the dhcpd.conf file to support POAP?

    Looking to use the same script poap_script.py, to auto provision my nexus 9k switches but I did not see what the dhcpd.conf should look like. what dhcp options do I need to set to get this feature working?


  • What is "siepid" in adm.conf?

    We're on Netscape Directory 4.1. I'm wondering what the adm.conf field "siepid" is?? It seems to be storing the "admin" user password in plain text! (File admpw has the same password in SHA.)
    Also, are there any compelling reasons to move to DS 5.1?

    Hi Leonard
    The Administration Server uses the SIE value specified in <serverroot>/admin-serv/config/adm.conf and the password in the SIEPID directive to BIND to the Configuration Directory as mentioned in dbswitch.conf. If that bind is not successful and the Administration Server's configuration
    parameters cannot be downloaded from the Configuration Directory, the Administration Server will not start.
    The file admpw has the encrypted version.
    Roy

  • LMS 4.2 not processing syslog messages

    I have a new install of LMS 4.2 on a virtual appliance.  No syslog messages are getting into LMS.  They are being received by the server, but are showing up in /var/adm/CSCOpx/log/dmgtd.log, and aren't getting processed by SyslogAnalyser.
    Here's the syslog.conf file:
         local6.info                                                                     /var/log/ade/ADE.log
         *.info;mail.none;news.none;authpriv.none;cron.none;local0.none;local1.none      /var/log/messages
         authpriv.*                                                                      /var/log/secure
         mail.*                                                                          -/var/log/maillog
         cron.*                                                                          /var/log/cron
         *.emerg                                                                         *
         uucp,news.crit                                                                  /var/log/spooler
         local7.*                                                                        /var/log/boot.log
         #Application LMS Generated config
         #BEGIN CSCOmd - DO NOT EDIT THESE COMMENTS OR CONTENTS CONTAINED WITHIN - local0 1
         local0.emerg;local0.alert;local0.crit;local0.err;local0.warning;local0.notice;local0.info;local0.debug  /var/adm/CSCOpx/log/dmgtd.log
         #END CSCOmd DO NOT EDIT BEFORE THIS LINE  1
         local7.info  /var/log/syslog_info
    My guess is that the incoming messages are getting written to the wrong file.  What do I need to change to correct this?

    I found that all of my syslog messages were being captured under /var/log/messages.  This was due to my Cisco devices being configured with "logging facility local5".  Instead of reconfiguring all of my devices to log to facility local7, I just changed the following line in syslog.conf and restarted (/etc/init.d/syslog restart)
    Before:
    local7.info  /var/log/syslog_info
    After:
    local5.*  /var/log/syslog_info
    Probably not the best way to do it, but it worked for me.
    -Rick
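
Added example, not part of the original posts and not Cisco's code: a small Python matcher for the selector syntax in the syslog.conf quoted above, showing why messages from devices using "logging facility local5" reach only /var/log/messages until the last rule is changed, and why local7 traffic lands in both messages and syslog_info (the duplication reported in the "Syslog.conf settings" thread). It assumes sysklogd-style semantics and handles only the forms that appear in that file (`facility.priority`, `*`, `none`, `,`, `;`); the function names are illustrative.

```python
"""Route a (facility, priority) pair through syslog.conf-style rules."""

# Priority keywords from most to least severe; a selector "fac.pri"
# matches messages at `pri` or any more severe level.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# syslog.conf from the LMS 4.2 thread above (whitespace condensed).
LMS_CONF = """\
local6.info  /var/log/ade/ADE.log
*.info;mail.none;news.none;authpriv.none;cron.none;local0.none;local1.none  /var/log/messages
authpriv.*  /var/log/secure
mail.*  -/var/log/maillog
cron.*  /var/log/cron
*.emerg  *
uucp,news.crit  /var/log/spooler
local7.*  /var/log/boot.log
#BEGIN CSCOmd - DO NOT EDIT THESE COMMENTS OR CONTENTS CONTAINED WITHIN - local0 1
local0.emerg;local0.alert;local0.crit;local0.err;local0.warning;local0.notice;local0.info;local0.debug  /var/adm/CSCOpx/log/dmgtd.log
#END CSCOmd DO NOT EDIT BEFORE THIS LINE  1
local7.info  /var/log/syslog_info
"""


def parse_rules(text):
    """Return [(selector_field, action)] for every non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        rules.append((selector, action.strip()))
    return rules


def selector_matches(selector_field, facility, priority):
    """Apply ';'-separated selectors left to right; the last one that
    names the facility (or '*') decides, so 'mail.none' undoes '*.info'."""
    level = PRIORITIES.index(ALIASES.get(priority, priority))
    matched = False
    for selector in selector_field.split(";"):
        facilities, _, wanted = selector.rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue  # this selector says nothing about our facility
        if wanted == "none":
            matched = False
        elif wanted == "*":
            matched = True
        else:
            threshold = PRIORITIES.index(ALIASES.get(wanted, wanted))
            matched = level <= threshold  # lower index = more severe
    return matched


def destinations(conf_text, facility, priority):
    """List the actions a message with this facility/priority is sent to."""
    return [action for selector, action in parse_rules(conf_text)
            if selector_matches(selector, facility, priority)]


if __name__ == "__main__":
    # The one-line change described in the reply above.
    fixed = LMS_CONF.replace("local7.info  /var/log/syslog_info",
                             "local5.*  /var/log/syslog_info")
    for name, conf in (("before", LMS_CONF), ("after", fixed)):
        print(name, destinations(conf, "local5", "info"))
    print("local7", destinations(LMS_CONF, "local7", "info"))
```
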
