[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: managing syslog

On Fri, Aug 27, 2004 at 06:20:27PM -0400, Stephen Gran wrote:
> Hello all,
> I am sorry to have to ask this here - it seems like it just should be
> working, but it's not, and I am now starting to get frustrated.
> At work we have several machines that output a lot of garbage to syslog,
> most of which we don't need to see.  The programs responsible for the
> garbage are also capable of sending admin emails for alerts, so I thought
> that a nice idea might be to have syslog log all of the messages to a
> seperate file that we don't logcheck, and look them over if there's an
> email or a problem (don't worry - these are non-mission critical type
> apps, and are not network accessible, so I am not too worried about
> missing a message for a little while).
> I can configure the loglevel that the apps log to, fortunately, but it
> doesn't seem to be working correctly.  So, if I am logging to syslog
> level local7, I add this to syslog.conf as the first uncommented line:
> local7.*  /var/log/noisy.log
> and hup syslog.  I now see the messages from the apps in noisy.log, but
> I still see the chatter in syslog :(  Does anyone see anything obviously
> wrong with this, to help save me from tearing hair out?
> Thanks,
> -- 
>  -----------------------------------------------------------------
> |   ,''`.					     Stephen Gran |
> |  : :' :					 sgran@debian.org |
> |  `. `'			Debian user, admin, and developer |
> |    `-					    http://www.debian.org |
>  -----------------------------------------------------------------
syslog.conf don't work as a filter (check line for line, stop at first match)
like iptables or sisco accesslists do. 
If you stil got the default catch all ine:
*.*;auth,authpriv.none          -/var/log/syslog
in syslog.conf, the messsages goes there too.
Frode Haugsgjerd

Reply to: