Operating System - HP-UX

Syslog and inetd messages.

 
Ian Killer
Advisor

Our syslog, which we use regularly in problem solving, is full of "Connection Attempt" messages logged by inetd, making the task of problem solving more painful than it needs to be. I can't remove the informational level daemon messages from syslog without losing our service guard messages as well. We can't turn off inetd logging without compromising our security. Is there a way of configuring inetd to log to somewhere other than syslogd without turning off logging completely?
There's a monkey in my sock drawer.
CHRIS_ANORUO
Honored Contributor

Re: Syslog and inetd messages.

man syslogd
You can add a line in the /etc/syslog.conf file for another information or error log file.
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
Lasse Knudsen
Esteemed Contributor

Re: Syslog and inetd messages.

It looks like this is not an option with inetd as it is today.

You could run some kind of log analysis tool that would filter these messages from your syslog - like swatch or the like.

Maybe you need to look for an inetd replacement - there are several out there - whether they function under UX is another matter - have you tried xinetd, rlinetd, or g2s - the latter seems promising.
In a world without fences - who needs Gates ?
Alan Riggs
Honored Contributor

Re: Syslog and inetd messages.

In /etc/syslog.conf (tab delimited):

*.info;inetd.none /var/adm/syslog/syslog.log
inetd.info /var/adm/syslog/inetd.log
Bruce Laughlin
Frequent Advisor

Re: Syslog and inetd messages.

Hi Ian,

Perhaps you can experiment with something like the following in your syslog.conf file. Note that I added an extra line after the mail.debug line:

$ cat /etc/syslog.conf
# @(#) $Revision: 74.1 $
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
daemon.debug /var/adm/syslog/daemon.log
*.info;mail.none;daemon.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *


This should effectively re-route all messages from the daemon facility of level debug or higher to /var/adm/syslog/syslog.daemon.

Of course, you should test this first to ensure it does what you want it to, and that you don't lose any messages.

Bruce Laughlin
Ian Killer
Advisor

Re: Syslog and inetd messages.

Chris, Alan R., Bruce,
We tried creating another daemon facility log file, for informational messages, but it takes the serviceguard info messages with it. I'll try the suggestion of an inetd.info line. The syslog.conf file separates facilities and not specific daemons according to the man pages, but I'll let you know what happens. I'll try the debug option also. Cheers.
There's a monkey in my sock drawer.
Ian Killer
Advisor

Re: Syslog and inetd messages.

Alan S.,
This is what I suspected. I'm trying to pick the minds of those that know undocumented features.
Cheers.
There's a monkey in my sock drawer.
Ian Killer
Advisor

Re: Syslog and inetd messages.

The inetd.info option caused syslogd to error: unknown facility.
The daemon.debug experiment left the connection messages in the syslog.log.
Bummer.
There's a monkey in my sock drawer.
Ian Killer
Advisor

Re: Syslog and inetd messages.

The daemon.debug to daemon.log, *.info and daemon.none option to syslog took all the daemon messages including service guard, LVM and named messages to daemon log. Double bummer.

Filter script it will have to be.

Thanks for all your help friends. Hope I can do the same for you sometime.

Ian
There's a monkey in my sock drawer.
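
The filter-script approach the thread settles on, as an added example that is not from any of the posts: it splits on the syslog program tag, so inetd lines are kept in their own file for security review and the other daemon-facility messages stay in the main one. The log lines, host names, PIDs and file names are constructed, and the standard `Mon DD HH:MM:SS host tag[pid]:` line layout is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: split a syslog file by program tag.
# inetd lines go to their own file (kept, not dropped); everything else,
# including other daemon-facility messages, stays together.

# split_inetd SRC MAIN_OUT INETD_OUT
split_inetd() {
    : > "$2"; : > "$3"          # create/truncate both outputs
    awk -v main="$2" -v inetd="$3" '
        # Assumed layout: Mon DD HH:MM:SS host tag[pid]: text
        # so field 5 is the tag. Matching the tag, not the message text,
        # avoids catching other daemons that merely mention inetd.
        $5 ~ /^inetd\[[0-9]+\]:$/ { print > inetd; next }
        { print > main }
    ' "$1"
}

# Constructed sample lines (host names, PIDs and message text are made up).
write_sample() {
    cat > "$1" <<'EOF'
Mar  3 10:15:01 nodea inetd[1432]: telnet/tcp: Connection from pc17 (10.1.2.17)
Mar  3 10:15:04 nodea cmcld[2011]: constructed Serviceguard message
Mar  3 10:15:09 nodea inetd[1432]: ftp/tcp: Connection from pc22 (10.1.2.22)
Mar  3 10:15:30 nodea named[901]: constructed message that mentions inetd[1432]: in its text
Mar  3 10:16:00 nodea vmunix: constructed LVM message
EOF
}

# Demo on the constructed sample: print what remains in the main log.
demo_dir=${TMPDIR:-/tmp}/inetd_split.$$
mkdir -p "$demo_dir"
write_sample "$demo_dir/syslog.log"
split_inetd "$demo_dir/syslog.log" "$demo_dir/main.log" "$demo_dir/inetd.log"
cat "$demo_dir/main.log"
rm -rf "$demo_dir"
```

Run it against a copy of syslog.log rather than the live file, since syslogd keeps the original open for writing.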