[opensuse] Restrictive logging in messages file

Hi all,

I need to reduce the logging in the /var/log/messages file. I do not want the webserver activities logged on this server. I have many of the following:

Nov 25 08:55:41 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=13349 DF PROTO=TCP SPT=3480 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:55:47 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=13673 DF PROTO=TCP SPT=3484 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:55:47 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=13708 DF PROTO=TCP SPT=3487 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:55:47 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=13711 DF PROTO=TCP SPT=3488 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:55:50 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=13776 DF PROTO=TCP SPT=3490 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:55:51 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=13810 DF PROTO=TCP SPT=3492 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:56:23 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=13962 DF PROTO=TCP SPT=3494 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:56:38 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=14216 DF PROTO=TCP SPT=3496 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)
Nov 25 08:56:38 WS1 kernel: SFW2-INext-ACC-TCP IN=eth1 OUT= MAC=xx SRC=192.168.1.1 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=126 ID=14253 DF PROTO=TCP SPT=3498 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055601010402)

How do I block just these entries to not write in the messages log file?

TIA
Al

On Tuesday, 2008-11-25 at 13:18 +0100, LLLActive@GMX.Net wrote:
I need to reduce the logging in the /var/log/messages file. I do not want the webserver activities logged on this server. I have many of the following:
That's the firewall. Just configure /etc/syslog-ng/syslog-ng.conf appropriately.

--
Cheers, Carlos E. R.

Carlos E. R. wrote:
On Tuesday, 2008-11-25 at 13:18 +0100, LLLActive@GMX.Net wrote:
I need to reduce the logging in the /var/log/messages file. I do not want the webserver activities logged on this server. I have many of the following:
That's the firewall.
Just configure /etc/syslog-ng/syslog-ng.conf appropriately.
-- Cheers, Carlos E. R.
Great, now it can do some selected reporting. What do you think of this?

/etc/syslog.conf (on a SLES 9 system)

#
# Warnings in one file
#
*.=warning;*.=err       -/var/log/warn
# *.crit                /var/log/warn
*.crit;kern.none        /var/log/critical
kern.*                  /var/log/kernel
#
# save the rest in one file
#
*.*;mail.none;news.none;kern.none       -/var/log/messages
#
# enable this, if you want to keep all messages
# in one file
*.*                     -/var/log/allmessages
# Emergency messages will be displayed using wall
#
*.=emerg                *

I have some problems with a database. It reports into the messages log file. The kernel and critical messages now go to kernel and critical log files respectively, and just to make sure nothing gets lost all messages also go to the allmessages log file. If an emergency comes up, it "writes on the wall" to all logged into terminal session (not tested yet, but will be very helpful). Anyone seen this wall function in action? What does it look like?

OpenSUSE 10.3 does not have a "man syslog.conf" manpage (No manual entry for syslog.conf), perhaps named something else now; syslog.conf does not exist under /etc/. Where is it (its equivalent)?

Looking at /etc/init.d/syslog it seems to use /etc/syslog-ng/syslog-ng.conf and /etc/syslogd with /etc/syslog.conf. I do not see a syslog.conf on my 10.3 systems though?

# set daemon dependent variables
case "$SYSLOG_DAEMON" in
    syslog-ng)
        syslog=syslog-ng
        config=/etc/syslog-ng/syslog-ng.conf
        params="$SYSLOG_NG_PARAMS"
        ;;
    *)
        syslog=syslogd
        config=/etc/syslog.conf
        params="$SYSLOGD_PARAMS"
        ;;
esac

Question: What does the bracket behind syslog-ng) and the *) mean? (I'm no programmer)

:-) Al
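As an added illustration (not part of any list message, and not sysklogd's own code), the following Python code evaluates the selectors of the syslog.conf posted above and lists the files a message with a given facility and priority is written to. It assumes the SFW2 firewall lines arrive with facility kern; the facility/priority pairs are constructed samples, and the "!" negation syntax is not handled.

```python
# Added example: which files does the posted syslog.conf route a message to?
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Selector/file pairs copied from the configuration posted above. The "-" prefix
# is dropped and the wall rule ("*.=emerg *") is left out: neither changes which
# file a message lands in.
RULES = [
    ("*.=warning;*.=err", "/var/log/warn"),
    ("*.crit;kern.none", "/var/log/critical"),
    ("kern.*", "/var/log/kernel"),
    ("*.*;mail.none;news.none;kern.none", "/var/log/messages"),
    ("*.*", "/var/log/allmessages"),
]

def selector_matches(selector, facility, priority):
    """Evaluate the ';'-separated parts left to right.

    Priorities named for a facility accumulate; 'facility.none' clears
    everything selected so far for that facility.
    """
    level = PRIORITIES.index(priority)
    selected = False
    for part in selector.split(";"):
        facilities, _, prio = part.partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue                       # this part is about other facilities
        if prio == "none":
            selected = False               # exclude this facility
        elif prio == "*":
            selected = True                # every priority
        elif prio.startswith("="):
            selected = selected or level == PRIORITIES.index(prio[1:])  # exactly this one
        else:
            selected = selected or level >= PRIORITIES.index(prio)      # this one or higher
    return selected

def destinations(facility, priority, rules=RULES):
    """Return the log files that receive a facility.priority message, in rule order."""
    return [path for sel, path in rules if selector_matches(sel, facility, priority)]

if __name__ == "__main__":
    # Constructed samples, not taken from the thread.
    for fac, prio in [("kern", "warning"), ("kern", "crit"), ("daemon", "info")]:
        print(f"{fac}.{prio:8} -> {destinations(fac, prio)}")
```

With these rules a kern message never reaches /var/log/messages, and because of kern.none a kern.crit message is also kept out of /var/log/critical.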

* LLLActive@GMX.Net <LLLActive@GMX.Net> [11-25-08 16:24]: ...
I have some problems with a database. It reports into the messages log file. The kernel and critical messages now go to kernel and critical log files respectively, and just to make sure nothing gets lost all messages also go to the allmessages log file. If an emergency comes up, it "writes on the wall" to all logged into terminal session (not tested yet, but will be very helpful). Anyone seen this wall function in action? What does it look like?
Try it yourself and see: (as root)

    echo "This is a wall message" |wall

--
Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711
http://wahoo.no-ip.org   Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org

Patrick Shanahan wrote:
* LLLActive@GMX.Net <LLLActive@GMX.Net> [11-25-08 16:24]: ...
I have some problems with a database. It reports into the messages log file. The kernel and critical messages now go to kernel and critical log files respectively, and just to make sure nothing gets lost all messages also go to the allmessages log file. If an emergency comes up, it "writes on the wall" to all logged into terminal session (not tested yet, but will be very helpful). Anyone seen this wall function in action? What does it look like?
Try it yourself and see: (as root) echo "This is a wall message" |wall
Cool, in the CLI and KDE!

Say, in the syslog.conf:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Warnings in one file
#
*.=warning;*.=err       -/var/log/warn          <==========
# *.crit                /var/log/warn
*.crit;kern.none        /var/log/critical       <==========
kern.*                  /var/log/kernel
#
# save the rest in one file
#
*.*;mail.none;news.none;kern.none       -/var/log/messages
#
# enable this, if you want to keep all messages
# in one file
*.*                     -/var/log/allmessages
# Emergency messages will be displayed using wall
#
*.=emerg                *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. What is the effect when a leading dash stands before the "-/var/log/warn" and none stands before "/var/log/critical"?

2. Will the /var/log/kernel file and /var/log/allmessages be created automatically, or is there a way to create syslogd files?

:-) Al

LLLActive@GMX.Net wrote:
1. What is the effect when a leading dash stands before the "-/var/log/warn" and none stands before "/var/log/critical"?
The dash tells syslog to write the data asynchronously, not in the exact order as it happens. This is much more efficient, otherwise a busy log might throttle disk io.
2. Will the /var/log/kernel file and /var/log/allmessages be created automatically, or is there a way to create syslogd files?
They will be created automatically when syslog starts. If you have scripts like logrotate then it is a good idea to recreate the file after rotating it.

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

On Tuesday, 2008-11-25 at 22:56 +0100, LLLActive@GMX.Net wrote:
messages also go to the allmessages log file. If an emergency comes up, it "writes on the wall" to all logged into terminal session (not tested yet, but will be very helpful). Anyone seen this wall function in action? What does it look like? ... echo "This is a wall message" |wall
Cool, in the CLI and KDE!
I hate it. When you are in an emergency, trying to type commands to solve the emergency, and getting in the middle the "wall" message, which doesn't allow you to properly see what you type, then you will think if it is cool or a pest.
Say, in the syslog.conf:
*.=warning;*.=err       -/var/log/warn          <==========
# *.crit                /var/log/warn
1. What is the effect when a leading dash stands before the "-/var/log/warn" and none stands before "/var/log/critical"?
Entries with "-" are cached, and without the dash, are not: they are written instantly to the disk. This can slow the system noticeably, but is important in emergencies, if the system crashes.
2. Will the /var/log/kernel file and /var/log/allmessages be created automatically, or is there a way to create syslogd files?
Yes, they are created automatically.

--
Cheers, Carlos E. R.

LLLActive@GMX.Net wrote:
# set daemon dependent variables
case "$SYSLOG_DAEMON" in
    syslog-ng)
        syslog=syslog-ng
        config=/etc/syslog-ng/syslog-ng.conf
        params="$SYSLOG_NG_PARAMS"
        ;;
    *)
        syslog=syslogd
        config=/etc/syslog.conf
        params="$SYSLOGD_PARAMS"
        ;;
esac
Question: What does the bracket behind syslog-ng) and the *) mean? (I'm no programmer)
It's a simple case statement.

If the variable "$SYSLOG_DAEMON" has the value

syslog-ng)      do this
*)              for all other cases do this

It simply provides for legacy settings where the older syslog daemon is used, not syslog-ng.

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

On Tuesday, 2008-11-25 at 22:23 +0100, LLLActive@GMX.Net wrote:
Carlos E. R. wrote:
Just configure /etc/syslog-ng/syslog-ng.conf appropriately.
Great, now it can do some selected reporting. What do you think of this?
/etc/syslog.conf (on a SLES 9 system)
Ah, that's not syslog-ng (next generation syslog). You have the classic one, it has less options to configure.
#
# Warnings in one file
#
*.=warning;*.=err       -/var/log/warn
# *.crit                /var/log/warn
*.crit;kern.none        /var/log/critical
kern.*                  /var/log/kernel
I would use "-/var/log/kernel", I think - unless I'm investigating a bug.
# save the rest in one file
#
*.*;mail.none;news.none;kern.none       -/var/log/messages

#
# enable this, if you want to keep all messages
# in one file
*.*                     -/var/log/allmessages

# Emergency messages will be displayed using wall
#
*.=emerg                *
I have some problems with a database. It reports into the messages log file.
What's the problem, you want it somewhere else? There is little control with syslog, that's why syslog-ng is better.
The kernel and critical messages now go to kernel and critical log files respectively, and just to make sure nothing gets lost all messages also go to the allmessages log file.
Nothing gets lost, unless you mess too much with the configuration :-p The use of the "allmessages" is that, in case of problems, you have all messages in a single file and can see what is happening on other daemons different than the one you investigate. I don't use it. If I need it, I would create it and rotate soon.
OpenSUSE 10.3 does not have a "man syslog.conf" manpage (No manual entry for syslog.conf), perhaps named something else now; syslog.conf does not exist under /etc/. Where is it (its equivalent)? Looking at /etc/init.d/syslog it seems to use /etc/syslog-ng/syslog-ng.conf and /etc/syslogd with /etc/syslog.conf. I do not see a syslog.conf on my 10.3 systems though?
You choose syslog or syslog-ng, not both. You will have the man page of the one you have installed, not the other. Same applies to the configuration files, which are quite different. The 10.3 systems have the -ng version by default.
# set daemon dependent variables
case "$SYSLOG_DAEMON" in
    syslog-ng)
        syslog=syslog-ng
        config=/etc/syslog-ng/syslog-ng.conf
        params="$SYSLOG_NG_PARAMS"
        ;;
    *)
        syslog=syslogd
        config=/etc/syslog.conf
        params="$SYSLOGD_PARAMS"
        ;;
esac
Question: What does the bracket behind syslog-ng) and the *) mean? (I'm no programmer)
If you have syslog-ng installed the script will define certain variables, and else it means you have syslogd and certain other variables. Nothing to worry about :-)

--
Cheers, Carlos E. R.