Re: managing syslog
On Fri, Aug 27, 2004 at 06:20:27PM -0400, Stephen Gran wrote:
> Hello all,
>
> I am sorry to have to ask this here - it seems like it just should be
> working, but it's not, and I am now starting to get frustrated.
>
> At work we have several machines that output a lot of garbage to syslog,
> most of which we don't need to see. The programs responsible for the
> garbage are also capable of sending admin emails for alerts, so I thought
> that a nice idea might be to have syslog log all of the messages to a
> seperate file that we don't logcheck, and look them over if there's an
> email or a problem (don't worry - these are non-mission critical type
> apps, and are not network accessible, so I am not too worried about
> missing a message for a little while).
>
> I can configure the loglevel that the apps log to, fortunately, but it
> doesn't seem to be working correctly. So, if I am logging to syslog
> level local7, I add this to syslog.conf as the first uncommented line:
>
> local7.* /var/log/noisy.log
>
> and hup syslog. I now see the messages from the apps in noisy.log, but
> I still see the chatter in syslog :( Does anyone see anything obviously
> wrong with this, to help save me from tearing hair out?
>
> Thanks,
> --
> -----------------------------------------------------------------
> | ,''`. Stephen Gran |
> | : :' : sgran@debian.org |
> | `. `' Debian user, admin, and developer |
> | `- http://www.debian.org |
> -----------------------------------------------------------------
syslog.conf don't work as a filter (check line for line, stop at first match)
like iptables or sisco accesslists do.
If you stil got the default catch all ine:
*.*;auth,authpriv.none -/var/log/syslog
in syslog.conf, the messsages goes there too.
--
Frode Haugsgjerd
Norway
Reply to: