Re: SYSLOG Facilities

From: Kevin Gannon (kevin@gannons.net)
Date: Mon Aug 14 2000 - 06:27:47 EDT

Next message: Lincoln Dale: "Re: [nsp] [nsp] WCCP version 2 advise sought"
Previous message: George Robbins: "Re: SYSLOG Facilities"
Maybe in reply to: Martin, Christian: "SYSLOG Facilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Chris,
Something which might help with the testing of this is to use logger -p
local1.info "TEST"
to send sample messages into the syslog dameon rather than waiting for the
cisco's
to send one.

Also make sure that one of the entries higher in your config is not catching
the messages
as they are evaluated top to bottom so a line above maybe catching the
messages and
sticking them in /var/adm/messages.

You probably knew that but just in case.

Regards,
Kevin

-----Original Message-----
From: George Robbins <grr@shandakor.tharsis.com>
To: cisco-nsp@puck.nether.net <cisco-nsp@puck.nether.net>;
cmartin@gnilink.net <cmartin@gnilink.net>
Date: Monday, August 14, 2000 11:23 AM
Subject: Re: SYSLOG Facilities

>Start your syslog daemon with debugging turned on, it should provide
>some clues. You *have* pre-created the log files, right?
>
> George
>
>> From cisco-nsp-request@puck.nether.net Sun Aug 13 22:52:30 2000
>> Date: Fri, 4 Aug 2000 19:14:16 -0400
>> X-From_: cmartin@gnilink.net Fri Aug 4 19:14:16 2000
>> Received-Date: Fri, 4 Aug 2000 19:14:16 -0400
>> From: "Martin, Christian" <cmartin@gnilink.net>
>> To: "'cisco-nsp@puck.nether.net'" <cisco-nsp@puck.nether.net>
>> Subject: SYSLOG Facilities
>> Old-Date: Fri, 4 Aug 2000 19:13:47 -0400
>> Old-X-Envelope-To: cisco-nsp
>> Resent-From: jared@puck.nether.net
>> Resent-Date: Sun, 13 Aug 2000 22:14:07 -0400
>> Resent-To: cisco-nsp@puck.nether.net
>> X-Mailing-List: <cisco-nsp@puck.nether.net> archive/latest/3375
>> X-Loop: cisco-nsp@puck.nether.net
>> Precedence: list
>> Resent-Sender: cisco-nsp-request@puck.nether.net
>>
>> This message is in MIME format. Since your mail reader does not
understand
>> this format, some or all of this message may not be legible.
>>
>> ------_=_NextPart_001_01BFFE69.A478C4A4
>> Content-Type: text/plain;
>> charset="iso-8859-1"
>>
>> Folks,
>>
>> I am trying to set up a syslog daemon to respond to messages sent on
>> different facilities. This allows us to have different routers in
different
>> locations logg to different files.
>>
>> Here is the config:
>>
>> local7.debug /var/adm/log/syslog.01
>> local6.debug /var/adm/log/syslog.02
>> local5.debug /var/adm/log/syslog.03
>>
>> Tabs are used. I've tried changing the severity values, but to no avail.
>> The first one works, but the second two don't work. Actually, when I
>> changed the severity to err (3), I started getting messages in
>> /var/adm/messages. The man page suggests that I can specify multiple
>> facility.seveity pairs, seperated by commas, but it still is sending to
>> /var/adm/messages?
>>
>> Any help?
>>
>> TIA,
>> chris
>>
>>
>> ------_=_NextPart_001_01BFFE69.A478C4A4
>> Content-Type: text/html;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
>> <HTML>
>> <HEAD>
>> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
>> charset=3Diso-8859-1">
>> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
>> 5.5.2650.12">
>> <TITLE>SYSLOG Facilities</TITLE>
>> </HEAD>
>> <BODY>
>>
>> Folks,
>> 
>>
>> I am trying to set up a syslog daemon =
>> to respond to messages sent on different facilities.  This allows =
>> us to have different routers in different locations logg to different =
>> files.
>>
>> Here is the config:
>>  
>> > FACE=3D"Arial">local7.debug       &nb=
>> sp;           &nb=
>> sp;           &nb=
>> sp;      /var/adm/log/syslog.01
>> > FACE=3D"Arial">local6.debug       &nb=
>> sp;           &nb=
>> sp;           &nb=
>> sp;      /var/adm/log/syslog.02 
>> > FACE=3D"Arial">local5.debug       &nb=
>> sp;           &nb=
>> sp;           &nb=
>> sp;      /var/adm/log/syslog.03
>> 
>>
>> Tabs are used.  I've tried =
>> changing the severity values, but to no avail.  The first one =
>> works, but the second two don't work.  Actually, when I changed =
>> the severity to err (3), I started getting messages in =
>> /var/adm/messages.  The man page suggests that I can specify =
>> multiple facility.seveity pairs, seperated by commas, but it still is =
>> sending to /var/adm/messages?
>>
>> Any help?
>> 
>>
>> TIA,
>> chris
>> 
>>
>> </BODY>
>> </HTML>
>> ------_=_NextPart_001_01BFFE69.A478C4A4--
>>
>>
>
>

Next message: Lincoln Dale: "Re: [nsp] [nsp] WCCP version 2 advise sought"
Previous message: George Robbins: "Re: SYSLOG Facilities"
Maybe in reply to: Martin, Christian: "SYSLOG Facilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:15 EDT