Re: taming syslog
On 15/12/13 05:43, Bob Proulx wrote:
> Tony van der Hoff wrote:
>> So I thought I'd try to suppress these messages in syslog. Some googling
>> and reading man (5) syslog.conf, I decided that the line
>
> On Debian Wheezy the default is now rsyslog which has replaced the
> previous sysklogd package. AFAIK the rsyslog uses /etc/rsyslog.conf
> not /etc/syslog.conf and the man page is rsyslog.conf not syslog.conf.
> Which means you are probably still using the previous sysklogd
> package. In which case you might try installing the new rsyslog as
> that is the current maintenance track. I can't say that things will
> work but since it is different software it might behave differently.
> It might work. But the previous sysklogd should too. And if the new
> rsyslog does not then at least it is the current package in Wheezy and
> the maintainers would be available for bug reports.
>
> # apt-get install rsyslog
>
>> *.*;auth,authpriv.none -/var/log/syslog
>> was the culprit, and changed it to
>> *.*;auth,authpriv.none;!mail.* -/var/log/syslog
>
> I didn't try it but it seems reasonable to me.
>
>> Unfortunately, now nothing gets logged to syslog; I would at least
>> expect the usual crop of iptables reports, unless the baddies have given
>> up for Christmas. Mail is still logged to mail.log, so that's OK.
>
> You can always test by using the "logger" command. Try sending a
> message there.
>
> $ logger -t foo "a test message"
>
>> Can anyone please tell me the correct way to go about this, please?
>
> What you did looked okay to me. But note that I didn't have time to
> try it.
>
> Bob
>
Well, just in case this turns up in the archives,
I installed rsyslog to replace sysklogd, and edited rsyslog.conf which
made absolutely no difference.
It turns out that the correct syntax was
*.*;auth,authpriv.none;mail.!* -/var/log/syslog
Well, Bah! I think
*.*;auth,authpriv.none;mail.none -/var/log/syslog
would have worked too, but I'm happy with the present setup.
--
Tony van der Hoff | mailto:tony@vanderhoff.org
Ariège, France |
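
The selector lines from this thread, run through a simplified model of the syslog.conf(5) selector rules. This is an added example, not part of the original messages and not sysklogd or rsyslog code. It assumes that an unknown facility name such as "!mail" causes the whole rule line to be rejected, which is consistent with the "nothing gets logged" symptom described above, and it uses kern.warning as a stand-in for the iptables reports.

```python
# Added example: simplified model of syslog.conf(5) selector evaluation.
FACILITIES = ("auth authpriv cron daemon kern lpr mail news syslog user uucp "
              "local0 local1 local2 local3 local4 local5 local6 local7").split()
PRIORITIES = "emerg alert crit err warning notice info debug".split()  # most severe first

def parse_rule(line):
    """Return ({facility: set of logged priorities}, action) for one rule line."""
    selectors, action = line.split(None, 1)
    table = {f: set() for f in FACILITIES}
    for sel in selectors.split(";"):              # evaluated left to right
        facs, _, pri = sel.partition(".")
        names = FACILITIES if facs == "*" else facs.split(",")
        for name in names:
            if name not in FACILITIES:            # e.g. "!mail": "!" belongs on the priority
                raise ValueError("unknown facility name %r in %r" % (name, sel))
        negate = pri.startswith("!")
        pri = pri[1:] if negate else pri
        exact = pri.startswith("=")
        pri = pri[1:] if exact else pri
        if pri in ("*", "none"):
            chosen = set(PRIORITIES)
            negate = negate != (pri == "none")    # "none" is the inverse of "*"
        elif pri in PRIORITIES:
            idx = PRIORITIES.index(pri)           # "pri" means pri and anything more severe
            chosen = {pri} if exact else set(PRIORITIES[:idx + 1])
        else:
            raise ValueError("unknown priority name %r in %r" % (pri, sel))
        for name in names:
            table[name] = table[name] - chosen if negate else table[name] | chosen
    return table, action.strip()

def is_logged(line, facility, priority):
    """True if a message with this facility/priority matches the rule line."""
    table, _ = parse_rule(line)
    return priority in table[facility]

# The four selector lines quoted in the thread.
ORIGINAL = "*.*;auth,authpriv.none -/var/log/syslog"
BROKEN = "*.*;auth,authpriv.none;!mail.* -/var/log/syslog"
FIXED = "*.*;auth,authpriv.none;mail.!* -/var/log/syslog"
NONE = "*.*;auth,authpriv.none;mail.none -/var/log/syslog"

if __name__ == "__main__":
    for label, rule in [("original", ORIGINAL), ("mail.!*", FIXED), ("mail.none", NONE)]:
        # kern.warning stands in for the iptables reports (assumed facility/priority)
        print(label, is_logged(rule, "kern", "warning"), is_logged(rule, "mail", "info"))
    try:
        parse_rule(BROKEN)
    except ValueError as err:
        print("!mail.* rejected:", err)
```

After any change to a selector line, the same check can be made on the live system with the logger command Bob mentions, confirming that non-mail messages still reach /var/log/syslog.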