Mailinglist Archive: opensuse-project (465 mails)

Re: [opensuse-project] Logging related
  • From: "Carlos E. R." <carlos.e.r@xxxxxxxxxxxx>
  • Date: Sun, 04 Jul 2010 15:03:24 +0200
  • Message-id: <4C30869C.7080603@xxxxxxxxxxxx>

On 2010-07-04 10:04, Per Jessen wrote:
> Carlos E. R. wrote:
>
>> man rsyslog.conf
>>
>> Not a single example. No migration info.
>
> Pretty normal for a man page :-)

Ya, I know :-}


Have a look at fetchmail or procmail man pages: they have good examples.

> I don't recall wiki pages being the normal way for documenting migration
> and changes in openSUSE, so I was just amused that you were looking for
> one for this change.

Hey, I feel lazy now and then :-p

> Besides, you have the option for reverting to syslog-ng - personally, I
> think the patterns should have been set up such that rsyslog and
> syslog-ng provide the same functionality (similar to postfix/sendmail)
> and satisfy the same requirement.

I actually went yesterday and changed rsyslog.conf so that named (bind) logs in its own log. It was
simpler than I had thought, after all.

I was getting tons of these in the message log:

Jul 4 14:48:05 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 14.1.168.192.in-addr.arpa
Jul 4 14:51:02 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 1.1.168.192.in-addr.arpa
Jul 4 14:51:21 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 1.1.168.192.in-addr.arpa


Those IPs are in my local network, no idea why/who is asking on internet for it, or who is
responding. But instead of finding out or doing something about it, I thought of first logging them
to a different file.

So I did:

# named messages into separate file and stop their further processing - taken from firewall configuration - no, from acpid config

if ($programname == 'named' or $syslogtag == '[named]:') then \
-/var/log/named;RSYSLOG_TraditionalFileFormat
if ($programname == 'named' or $syslogtag == '[named]:') then \
~

The next modification should be not to stop further processing if the entry is "alarming". But for
that I need to read some doc (is syslogseverity >= 5 alarming, or is it <= 5? Are the above log
entries "alarming"?). And I feel lazy again.


--
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 "Emerald" GM (Elessar))
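
Added example, not part of the original message: a small Python model of the routing described above, where named messages always go to their own file and remain in the main log only at or below a severity threshold. The PRI values on the sample frames, the /var/log/messages path and the default threshold of 3 are assumptions made for the illustration.

```python
import re

# Syslog severity codes (RFC 5424): numerically LOWER means MORE severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FRAME = re.compile(r"^<(\d{1,3})>\w{3} +\d+ [\d:]{8} \S+ ([^\s:\[]+)(?:\[\d+\])?: (.*)$")

# Constructed sample frames. The PRI values are assumptions: the log file on
# the page does not record the priority named used.
SAMPLES = [
    "<28>Jul  4 14:48:05 Elessar named[22400]: client 192.168.1.14#52387: "
    "RFC 1918 response from Internet for 14.1.168.192.in-addr.arpa",  # daemon.warning
    "<26>Jul  4 15:00:00 Elessar named[22400]: constructed critical message",  # daemon.crit
    "<30>Jul  4 15:00:01 Elessar named[22400]: constructed informational message",  # daemon.info
    "<38>Jul  4 15:00:02 Elessar sshd[1234]: constructed message",  # auth.info
]

def parse(frame):
    """Decode one RFC 3164 frame; PRI = facility * 8 + severity."""
    m = FRAME.match(frame)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a valid RFC 3164 frame: %r" % frame)
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "program": m.group(2), "msg": m.group(3)}

def route(frame, keep_at_or_below=3):
    """Files a message lands in: named always gets its own file and stays in
    the main log only at or below the threshold (default 3 = err)."""
    rec = parse(frame)
    if rec["program"] != "named":
        return ["/var/log/messages"]        # assumed path of the main log
    targets = ["/var/log/named"]            # path used in the message above
    if rec["severity"] <= keep_at_or_below:
        targets.append("/var/log/messages")
    return targets

if __name__ == "__main__":
    for frame in SAMPLES:
        rec = parse(frame)
        print(rec["program"], SEVERITIES[rec["severity"]], "->", route(frame))
```

In rsyslog the same decision is a comparison on $syslogseverity, where 0 is emerg and 7 is debug.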