Re: precise syslogd configuration

[matthew sporleder <msporleder%gmail.com@localhost>]

On Sat, Mar 7, 2009 at 1:18 PM, Taylor R Campbell 
<campbell%mumble.net@localhost> wrote:
> (I am not subscribed to the list; please cc me in replies.)
>
> I'd like to configure NetBSD so that dhcpd(8) writes logs that are
> retained for only forty-eight hours.  To this end, I'd like to
> configure syslogd(8) to send messages from dhcpd(8) to a file named
> /var/log/dhcplog, and *not* to any other destination; then I can
> configure newsyslog(8) to rotate logs exceeding forty-eight hours of
> age into oblivion.  (The paranoiac in me would also like newsyslog(8)
> to write over the files somewhat like `rm -P', but that's tricky to
> get right, and I can see from the source code that newsyslog(8)
> doesn't do it, so never mind that.)
>
> Syslogd(8) will send any messages it receives to every matching line
> in /etc/syslogd.conf.  I couldn't find any part of the syslogd.conf(5)
> man page that says this, but the source code explains it.  This means
> that if I want to send messages exclusively to a file, such as all
> daemon.info messages from dhcpd(8), then I must find every other line
> that could match the same messages and exclude daemon.info messages
> from dhcpd(8) on that line.  The default /etc/syslogd.conf already
> does something like this: it has a line *.info that must explicitly
> exclude auth.info, authpriv.info, mail.info, &c., by following *.info
> with `;auth,authpriv,...,mail.none'.  Excluding daemon.info messages
> only if they were from dhcpd(8) requires even more work.
>
> Thus, my desired configuration requires that I carefully arrange the
> whole file in the following format, which is not at all obvious from
> anything suggested in the man page or the default /etc/syslogd.conf:
>
> # Lines specific to the dhcpd program.
> !dhcpd
> daemon.info /var/log/dhcplog
>
> # Lines specific to the foobard program.
> !foobard
> daemon.info /var/log/foobarlog
>
> # Facility-specific lines which dhcpd and foobard might send.
> !*
> *.err;kern.*;auth.notice;authpriv.none;mail.crit /dev/console
> *.emerg *
> kern.debug /var/log/messages
>
> auth,authpriv.info /var/log/authlog
> cron.info /var/log/cron
> # etc.
>
> # Other lines which might include some of the above, so we must
> # explicitly exclude programs dhcpd and foobard, and we must also
> # explicitly exclude all facilities listed above.
> !-dhcpd,foobard
> *.info;auth,authpriv,cron,ftp,kern,lpr,mail.none /var/log/messages
>
> Am I going about this in the wrong way?  It seems suboptimal to
> require such a carefully crafted configuration file, when I imagine it
> is fairly common to want logs to be sent exclusively to a specific set
> of destinations.  As it is, it's not obvious without reading the whole
> file what destinations any particular log messages will be sent to.
>


Did you read syslog.conf?  Especially the program and hostname specification.

Anyway, a lot of daemons will give you the option to changing the
syslog facility (LOCAL7, for example) to make this easier, but since
dhcpd doesn't seem to, why don't you just start dhcpd with option -d
and then redirect the output 2>/my/file

That way you can set a cron job to cat /dev/null > /my/file or
whatever else you want to do every two days.

Either way should work.

Matt