Frode Haugsgjerd wrote:
On Fri, Aug 27, 2004 at 06:20:27PM -0400, Stephen Gran wrote:
Hello all,
I am sorry to have to ask this here - it seems like it just should be working, but it's not, and I am now starting to get frustrated.
At work we have several machines that output a lot of garbage to syslog, most of which we don't need to see. The programs responsible for the garbage are also capable of sending admin emails for alerts, so I thought that a nice idea might be to have syslog log all of the messages to a seperate file that we don't logcheck, and look them over if there's an email or a problem (don't worry - these are non-mission critical type apps, and are not network accessible, so I am not too worried about missing a message for a little while).
I can configure the loglevel that the apps log to, fortunately, but it doesn't seem to be working correctly. So, if I am logging to syslog level local7, I add this to syslog.conf as the first uncommented line:
local7.* /var/log/noisy.log
and hup syslog. I now see the messages from the apps in noisy.log, but I still see the chatter in syslog :( Does anyone see anything obviously wrong with this, to help save me from tearing hair out?
Thanks, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
syslog.conf don't work as a filter (check line for line, stop at first match)
like iptables or sisco accesslists do. If you stil got the default catch all ine:
*.*;auth,authpriv.none -/var/log/syslog
in syslog.conf, the messsages goes there too.
--
Frode Haugsgjerd
Norway
stephen,
just give a try to some other syslog daemon (syslog-ng, there is official debian package) or, change the logcheck to ignore the garbage.
on some machines , i'm using syslogd only to send the messages over the net to other host (with a daily-rotated all-in-one local file, kept .gziped few days, just for my paranoia), where syslog-ng captures them and then filter etc.
so if you can not change the daemon,you can do it in a similar way.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]