syslog.conf(5) log a given facility only to a separate logfile, not /var/log/messages
Greetings, My Apple Airport Extreme wireless bridge forwards syslog messages of the following format using facility local0 to my OpenBSD syslogd(8) running in insecure -u mode thus: Jan 1 13:29:53 dadsairport dadsairport admin: Connection accepted from :::192.168.0.4/52199. Jan 1 13:46:33 dadsairport dadsairport dot11: Installed unicast CCMP key for supplicant 00:1e:52:72:20:06 I can direct these to a separate logfile using the following line in syslog.conf(5): local0.* /var/log/airport These messages are also directed by default to /var/log/messages as they are included in this default line of syslog.conf: *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages My question is how can these messages be excluded from /var/log/messages? From my reading of the manual page, the only way to filter these messages using base syslogd is via the program tag, and as you can see from the above these tags vary. Is there any other way without installing syslogd-ng from ports? Thanks in advance for any assistance.
Re: syslog.conf(5) log a given facility only to a separate logfile, not /var/log/messages
Hi Damon, Damon McMahon wrote on Sun, Jan 02, 2011 at 12:26:07AM +1030: My Apple Airport Extreme wireless bridge forwards syslog messages of the following format using facility local0 to my OpenBSD syslogd(8) running in insecure -u mode thus: Jan 1 13:29:53 dadsairport dadsairport admin: Connection accepted from :::192.168.0.4/52199. Jan 1 13:46:33 dadsairport dadsairport dot11: Installed unicast CCMP key for supplicant 00:1e:52:72:20:06 I can direct these to a separate logfile using the following line in syslog.conf(5): local0.* /var/log/airport These messages are also directed by default to /var/log/messages as they are included in this default line of syslog.conf: *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages My question is how can these messages be excluded from /var/log/messages? Wouldn't just changing that line too *.notice;auth,authpriv,cron,ftp,kern,local0,lpr,mail,user.none /var/log/messages do the job? Yours, Ingo
Re: syslog.conf(5) log a given facility only to a separate logfile, not /var/log/messages
On 2 January 2011 00:55, Ingo Schwarze schwa...@usta.de wrote: Hi Damon, Damon McMahon wrote on Sun, Jan 02, 2011 at 12:26:07AM +1030: My Apple Airport Extreme wireless bridge forwards syslog messages of the following format using facility local0 to my OpenBSD syslogd(8) running in insecure -u mode thus: Jan 1 13:29:53 dadsairport dadsairport admin: Connection accepted from :::192.168.0.4/52199. Jan 1 13:46:33 dadsairport dadsairport dot11: Installed unicast CCMP key for supplicant 00:1e:52:72:20:06 I can direct these to a separate logfile using the following line in syslog.conf(5): local0.* /var/log/airport These messages are also directed by default to /var/log/messages as they are included in this default line of syslog.conf: *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages My question is how can these messages be excluded from /var/log/messages? Wouldn't just changing that line too *.notice;auth,authpriv,cron,ftp,kern,local0,lpr,mail,user.none /var/log/messages do the job? Yours, Ingo Thanks, Ingo :-) That works. I actually tried that, but didn't realise the section of the manual: Multiple selectors may be specified for a single action by separating them with semicolon (`;') characters. It is important to note, however, that each selector can modify the ones preceding it. means that selectors can only modify preceding selectors when they're on the same line, separated by semicolons. This is different to how pf.conf(5) is interpreted (for example) and that was my mistake. Cheers, Damon
Re: syslog.conf(5) log a given facility only to a separate logfile, not /var/log/messages
On 01/01/11 08:56, Damon McMahon wrote: Greetings, My Apple Airport Extreme wireless bridge forwards syslog messages of the following format using facility local0 to my OpenBSD syslogd(8) running in insecure -u mode thus: Jan 1 13:29:53 dadsairport dadsairport admin: Connection accepted from :::192.168.0.4/52199. Jan 1 13:46:33 dadsairport dadsairport dot11: Installed unicast CCMP key for supplicant 00:1e:52:72:20:06 I can direct these to a separate logfile using the following line in syslog.conf(5): local0.* /var/log/airport These messages are also directed by default to /var/log/messages as they are included in this default line of syslog.conf: *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages My question is how can these messages be excluded from /var/log/messages? From my reading of the manual page, the only way to filter these messages using base syslogd is via the program tag, and as you can see from the above these tags vary. Is there any other way without installing syslogd-ng from ports? Thanks in advance for any assistance. man syslog.conf - especially the parts about !!prog There is an example for spamd that will be interesting for you.