[nycbug-talk] FreeBSD syslog.conf quickie

Rodrique Heron swygue at gmail.com
Thu Apr 5 10:13:44 EDT 2007 

Kevin Reiter wrote:
> All,
>
> A quick question on the syntax for defining a remote system logging to a remote syslog server.
>
> I have a number of routers I want to send their syslogs to a FreeBSD system.  I've checked all the firewall rules and know that not to be a problem.  My question is, in the syslog.conf file itself, how to I define a host to log to a specific logfile?  I've RTFM, checked Google, and checked everything else I thought might have been mucking up the waters, but can't seem to get this straight.
>
> I'm looking to get all syslogs for hostname "ssr" to go to /var/log/router.log
>
> In my /etc/syslog.conf, I have the following entry:
>
> +ssr.*                 /var/log/router.log
>
> >From man 5 syslog.conf:
>
> A hostname specification of the form `#+hostname' or `+hostname' means
> the following blocks will be applied to messages received from the speci-
> fied hostname.  Alternatively, the hostname specification `#-hostname' or
> `-hostname' causes the following blocks to be applied to messages from
> any host but the one specified.  If the hostname is given as `@', the
> local hostname will be used.  As for program specifications, multiple
> comma-separated values may be specified for hostname specifications.
>
> I've tried using +ssr, +ssr.*, and a few other variations with no luck.
>
> Am I just reading the examples wrong?  (In my defense, I've had a headache for the past 3 days, which hasn't helped..)
>
> Thanks,
> Kev
>
> This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed.  If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein.  Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>
>   
Use minirsyslogd instead, I am don't know why BSD syslog won't work. I 
created a /va/log/cisco/{device1,device2}, replace device with the 
address with ip address of your switch or router.

in == /etc/rc.conf ==
minirsyslog_enable="YES"
minirsyslog_flags="--rootdir /var/log/cisco --umask 022"

syslogd_enable="YES"
syslogd_flags="-ss -b 192.168.2.1"

That works for me, minirsyslog only writes when the buffer is full, so 
you may not see events right away.

More information about the talk mailing list