
Re: syslog / ipmon chaos



Hi there


> -->in syslog.conf:
> #	$OpenBSD: syslog.conf,v 1.7 2000/06/20 03:37:49 kjell Exp $
> #
> 
> *.err;kern.debug;auth.notice;authpriv.none;mail.crit	/dev/console
> *.notice;auth,authpriv,cron,local0,ftp,kern,lpr,mail,user.none	/var/log/messages
> kern.debug,user.info,syslog.info			/var/log/messages
> auth.info						/var/log/authlog
> authpriv.debug					/var/log/secure
> cron.info						/var/cron/log
> daemon.info						/var/log/daemon
> ftp.info						/var/log/xferlog
> lpr.debug						/var/log/lpd-errs
> mail.info						/var/log/maillog
> local0.info						/var/log/ipflog
> #uucp.info						/var/log/uucp
> 
> *.err							root
> *.notice;auth.debug					root
> *.alert						root
> *.emerg						*
ipmon uses LOG_INFO, LOG_NOTICE, LOG_WARNING, and LOG_ERR levels to log different actions/packets through syslog
using the local0 facility. LOG_ERR is used on the first line:
 > *.err;kern.debug;auth.notice;authpriv.none;mail.crit	/dev/console
and the 4th before last line:
 > *.err							root
LOG_ERR is used for packets that are considered short. So any packet 
that is logged and is "short" is displayed on the terminal of all 
connected roots + the console. Moreover, LOG_NOTICE is used for passed 
packets that are logged. It appears in:
 > *.notice;auth.debug					root
That means that any packet that is passed & logged is displayed on the 
terminal of all connected roots too!
So if you really want to tweak this behavior, modify those lines 
accordingly.

BTW, upon reading your email I have just "man ipmon" and found the info 
almost immediately. Nothing replaces a good rtfming :))

HTH

-- 
Saad

"Authoritarians thrive on censorship and secrecy. And
they distrust voluntary cooperation and information
sharing-- they only like cooperation that they control."
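
The selector matching discussed in this reply, as an added example that is not part of the original message: a simplified model of BSD syslog.conf selectors, run over the rules quoted above to show where each ipmon level on local0 is delivered. It assumes a level selects that severity and anything more severe, `none` excludes a facility, and later selectors on a line override earlier ones; the function names are illustrative.

```python
import re

# Severity names in syslog order: lower index = more severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SEV = {name: i for i, name in enumerate(LEVELS)}

# Active rules copied from the syslog.conf quoted in the message (spaces used as separators here).
CONF = """\
*.err;kern.debug;auth.notice;authpriv.none;mail.crit    /dev/console
*.notice;auth,authpriv,cron,local0,ftp,kern,lpr,mail,user.none    /var/log/messages
kern.debug,user.info,syslog.info    /var/log/messages
local0.info    /var/log/ipflog
*.err    root
*.notice;auth.debug    root
*.alert    root
*.emerg    *
"""

def rule_matches(selectors, facility, level):
    """True if a facility.level message is selected by one rule's selector field."""
    threshold = None  # None = facility not selected by this rule
    # Selectors apply left to right; a later one overrides an earlier one.
    for facs, lvl in re.findall(r"([\w*,]+)\.([\w*]+)", selectors):
        names = [f for f in facs.split(",") if f]
        if "*" in names or facility in names:
            threshold = None if lvl == "none" else SEV.get(lvl, SEV["debug"])
    return threshold is not None and SEV[level] <= threshold

def destinations(conf, facility, level):
    """Return the actions, in file order, that receive a facility.level message."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if rule_matches(selectors, facility, level) and action not in out:
            out.append(action)
    return out

if __name__ == "__main__":
    # ipmon's four levels on the local0 facility, as listed in the message.
    for lvl in ("err", "warning", "notice", "info"):
        print(f"local0.{lvl:8} -> {destinations(CONF, 'local0', lvl)}")
```

Editing the `*.err` and `*.notice` rules in `CONF` (for example adding `local0.none` to them) and rerunning shows whether ipmon messages still reach `root` or `/dev/console`.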