[tclug-list] syslog question

[Robert Nesius]

On Wed, Jun 22, 2011 at 12:56 PM, Brian Wood <woodbrian77 at gmail.com> wrote:

>
> Robert Nesius:
> > My one thought is to check syslogd.conf (usually in /etc) and make sure
> > syslogd is configured to log the messages your program is sending.  If
> not
> > configured properly, syslogd will drop them.
>
> I don't have an /etc/syslogd.conf or /etc/syslog.conf.  I read somewhere
> that they changed the name of /etc/syslog.conf to /etc/rsyslog.conf and
> I do have that file.  I sent a copy of that file to the user and asked
> him to compare it to his copy -- although I'm not sure if he has that
> file on his machine.  He checked yesterday though on his machine
> and he didn't have /etc/syslog.conf file either.  My guess is this is
> on the right track, but have no idea how the default configurations
> differ between the distributions.
>
>
Oh - looks like old-school syslog has been replaced by something modular.

I see this at the bottom of my /etc/rsyslog.conf file:

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

Here is an excerpt of what /etc/rsyslog.d/50-default.conf has.

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

Bottom line, if the tool is logging to syslog, you need to configure both
sides such that:
a: The sender is sending messages to the correct machine
b: The receiver is configured to log the messages.

I think anything that doesn't match a rule gets dropped silently.  Also, I
think syslog often (always?) logs via UDP packets, not TCP.

-Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20110622/3209ff26/attachment.html>