System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Question regarding syslog.conf

 
SOLVED
Go to solution
wvsa
Regular Advisor

Question regarding syslog.conf

Good morning all;

A quick question, would like to know if it is possible to configure syslog in such a way the following entries get written into a separate file. Here is the entry:

romans02 inetd[8563]: registrar/tcp: Connection from romans02 (172.17.4.10) at Fri Jul 30 10:03:19 2010


Here is a copy of our syslog.conf file
# cat syslog.conf
# @(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none;auth.none /var/adm/syslog/syslog.log
auth.info /var/adm/syslog/auth.log
*.alert /dev/console
*.alert root
*.emerg *


Thank you for your comments


Norm
6 REPLIES
Deeos
Regular Advisor

Re: Question regarding syslog.conf

Hi,

Your question is confusing me?
Could you focus on your query in details?


here, I have put entries of /etc/syslog.conf file!


# @(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *




Regards
Deeos
Deepak
Ishwar_1
Frequent Advisor

Re: Question regarding syslog.conf

Yes, Change the path were you want the logs and restart the syslogd deamon.

This will log all new entries to the change path

Thanks
Ishwar VenuGopal

wvsa
Regular Advisor

Re: Question regarding syslog.conf

Hello;

Let me attempt to re-phrase my question:

Currently we have in our syslog file the following entry occuring over and over and over again:

romans02 inetd[8563]: registrar/tcp: Connection from romans02 (172.17.4.10) at Fri Jul 30 10:03:19 2010


Would like to have this entry not go into our syslog file instead would like to have this entry and all other inetd loggin entries be written to a separate file. With the help of Bill Hassell we are writing auth info to auth.log in syslog directory. WOuld like to do the same thing for the inetd entry. Does this help?


Thank you

Norm
Bill Hassell
Honored Contributor

Re: Question regarding syslog.conf

> WOuld like to do the same thing for the inetd entry.

inetd? What log entries do you have for inetd? By default, inetd does not log connections. Did you modify netdaemons to add INETD_ARGS?


Bill Hassell, sysadmin
Bill Hassell
Honored Contributor
Solution

Re: Question regarding syslog.conf

By the way, inetd (when it logs anything) will use the facility daemon so you could modify syslog.conf to create a separate daemon.log file. Here is an example that has several facilities logged into different directories:

*.info;mail.none;local0.none;local1.none;local2.none;local3.none;local4.none;local5.none;auth.none;user.none;lpr.none;daemon.none;kern.notice; /var/adm/syslog/syslog.log


mail.debug /var/adm/syslog/mail.log
local0.info;local1.info;local2.info;local3.info;local4.info /var/adm/syslog/local01234.log
local5.info /var/adm/syslog/ftpd.log
auth.info /var/adm/syslog/auth.log
daemon.info /var/adm/syslog/daemon.log
kern.info /var/adm/syslog/kern.log
lpr.info /var/adm/syslog/lpr.log

In the above example, inetd will log to daemon.log.



Bill Hassell, sysadmin
wvsa
Regular Advisor

Re: Question regarding syslog.conf

Bill;

Thanks again for your input, very helpful. Yes indeed did modify netdaemons file and turned on logging - audit requirements


Norm