precise syslogd configuration

To: netbsd-users%NetBSD.org@localhost
Subject: precise syslogd configuration
From: Taylor R Campbell <campbell%mumble.net@localhost>
Date: Sat, 7 Mar 2009 12:18:58 -0500

(I am not subscribed to the list; please cc me in replies.)

I'd like to configure NetBSD so that dhcpd(8) writes logs that are
retained for only forty-eight hours.  To this end, I'd like to
configure syslogd(8) to send messages from dhcpd(8) to a file named
/var/log/dhcplog, and *not* to any other destination; then I can
configure newsyslog(8) to rotate logs exceeding forty-eight hours of
age into oblivion.  (The paranoiac in me would also like newsyslog(8)
to write over the files somewhat like `rm -P', but that's tricky to
get right, and I can see from the source code that newsyslog(8)
doesn't do it, so never mind that.)

Syslogd(8) will send any messages it receives to every matching line
in /etc/syslogd.conf.  I couldn't find any part of the syslogd.conf(5)
man page that says this, but the source code explains it.  This means
that if I want to send messages exclusively to a file, such as all
daemon.info messages from dhcpd(8), then I must find every other line
that could match the same messages and exclude daemon.info messages
from dhcpd(8) on that line.  The default /etc/syslogd.conf already
does something like this: it has a line *.info that must explicitly
exclude auth.info, authpriv.info, mail.info, &c., by following *.info
with `;auth,authpriv,...,mail.none'.  Excluding daemon.info messages
only if they were from dhcpd(8) requires even more work.

Thus, my desired configuration requires that I carefully arrange the
whole file in the following format, which is not at all obvious from
anything suggested in the man page or the default /etc/syslogd.conf:

# Lines specific to the dhcpd program.
!dhcpd
daemon.info /var/log/dhcplog

# Lines specific to the foobard program.
!foobard
daemon.info /var/log/foobarlog

# Facility-specific lines which dhcpd and foobard might send.
!*
*.err;kern.*;auth.notice;authpriv.none;mail.crit /dev/console
*.emerg *
kern.debug /var/log/messages

auth,authpriv.info /var/log/authlog
cron.info /var/log/cron
# etc.

# Other lines which might include some of the above, so we must
# explicitly exclude programs dhcpd and foobard, and we must also
# explicitly exclude all facilities listed above.
!-dhcpd,foobard
*.info;auth,authpriv,cron,ftp,kern,lpr,mail.none /var/log/messages

Am I going about this in the wrong way?  It seems suboptimal to
require such a carefully crafted configuration file, when I imagine it
is fairly common to want logs to be sent exclusively to a specific set
of destinations.  As it is, it's not obvious without reading the whole
file what destinations any particular log messages will be sent to.

Follow-Ups:
- Re: precise syslogd configuration
  - From: matthew sporleder

Prev by Date: amd64 netbsd-5 install panic vwakeup
Next by Date: Re: precise syslogd configuration
Previous by Thread: amd64 netbsd-5 install panic vwakeup
Next by Thread: Re: precise syslogd configuration
Indexes:

Home | Main Index | Thread Index | Old Index