HPE Community
Operating System - HP-UX
1856446 Members
4347 Online
104113 Solutions
New Discussion

Re: syslog.conf confusion

 
kapra
Advisor

‎12-12-2005 03:14 AM

‎12-12-2005 03:14 AM

syslog.conf confusion

Dear all,

I am trying to fine tune my syslog.conf file as below

security.info /var/adm/syslog/security.log
auth.info /var/adm/syslog/auth.log
kern.info /var/adm/syslog/kernelinfo.log
kern.debug /var/adm/syslog/kerneldebug.log
*.info /var/adm/syslog/allinfo.log

I am running into few problems when i try to use this configuration file. After restarting the syslogd daemon, i tried to test the functionality using logger command and found the results to be surprising.

(1) Messages from Security and Auth facilities at all levels are getting logged inside both files namely security.log & auth.log and ofcourse inside allinfo.log
(i used logger -p security.info "message" likewise for auth.info, security.notice, auth.notice....... etc), i was expecting security messages ONLY to go inside security.log and same for auth message !!

(2) if i do logger -p kern.info "kernel message", this is getting logged only inside allinfo.log and NOT inside kernelinfo.log

(All these files do exist on their locations and have write permissions for all, also there are TABS (no spaces) inside syslog.conf file).

Please help me on this.

Thank you very much in advance.
0 Kudos
Reply
4 REPLIES 4
Geoff Wild
Honored Contributor

‎12-12-2005 04:58 AM

‎12-12-2005 04:58 AM

Re: syslog.conf confusion

Try:

security.info; auth.none var/adm/syslog/security.log
auth.inf; security.none /var/adm/syslog/auth.log


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
kapra
Advisor

‎12-12-2005 09:19 PM

‎12-12-2005 09:19 PM

Re: syslog.conf confusion

Thanks Geoff for your reply.

I tried making suggested changes to the syslog.conf file and restarted the syslogd daemon but after the changes it logs nothing !

Nothing for security and nothing for auth.

Both files are empty after raising alerts via logger command !
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎12-12-2005 09:54 PM

‎12-12-2005 09:54 PM

Re: syslog.conf confusion

Try as,

security.info;auth,kern.none /var/adm/syslog/security.log
auth.info;security,kern.none /var/adm/syslog/auth.log
kern.info;security,auth.none /var/adm/syslog/kernelinfo.log
kern.debug /var/adm/syslog/kerneldebug.log
*.info;kern.none;security.none;auth.none /var/adm/syslog/allinfo.log

Revert your results. If it is not working then specify which scenario it is not doing?

-Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
kapra
Advisor

‎12-12-2005 10:58 PM

‎12-12-2005 10:58 PM

Re: syslog.conf confusion

Thanks Muthu for your reply..

Have made the suggested changes results are as below

1. logger -p security.info "Security Info"
Nothing logged inside security.log, nothing inside auth.log & nothing inside allininfo.log

2. logger -p auth.info "Auth Info"
Same as case 1, nothing got logged anywhere

3. logger -p kern.info "Kernel Info"
This one got logged inside allinfo.log, nothing inside kernelinfo.log, nothing inside kerneldebug.log

4. logger -p kern.debug "kernel Debug"
Nothing got logged anywhere

Any further suggestions?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.