*BSD News Article 93062


Newsgroups: comp.unix.bsd.freebsd.misc
From: cdouglas@ibs.net (Collin Douglas)
Subject: Re: syslogd watching other machine(s)
Organization: MidFirst Bank
References: <5i7bo6$o1t$1@kayrad.ziplink.net> <5iarfb$epc@ui-gate.utell.co.uk>
X-Newsreader: News Xpress 2.0 Beta #2
Date: Mon, 07 Apr 97 16:02:58 GMT
NNTP-Posting-Host: 208.128.40.147
Message-ID: <33491bee.0@news.ibs.net>
Lines: 45
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!newsfeed.direct.ca!news.maxwell.syr.edu!news.mathworks.com!news.kei.com!news.thenet.net!uunet!in2.uu.net!204.71.1.61!newsfeed.internetmci.com!news.ibs.net!rootbeer
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:38687

In article <5iarfb$epc@ui-gate.utell.co.uk>, brian@awfulhak.org, brian@utell.co.uk wrote:
>In article <5i7bo6$o1t$1@kayrad.ziplink.net>,
>        mi@ALDAN.ziplink.net..remove-after-`net' (Mikhail Teterin) writes:
>> Hi! I have several Unix machines (FreeBSD and Irix), which I'd like
>> to set up to watch for other machine's log entries. Say, rtfm will
>> log aldan's messages and aldan will log rtfm's messages.
>> 
>> Unfortunately, simply modifying /etc/syslogd.conf to send things to
>> @another_host on both systems causes cascades of messages: rtfm sends
>> the message to aldan, which bounces it back to rtfm right away.
>> Then, rtfm passes it to aldan again, and so on... syslogd has to be
>> restarted...
>> 
>> The only solution I see for this, is to run two syslogd-s on each machine.
>> With different config files. One will send local messages out (run in
>> "safe" mode), another one -- logging remote messages.
>> 
>> Can anyone think of a single process solution? Thanks!
>> 
>> I think, syslogd has to have an option to operate in intelligent
>> mode -- recognise when the incoming message is about the localhost
>> and not log it (or, at least, not propagate it).
>> 
>>       -mi
>
>The problem with the two-process thing is that currently, I expect
>syslog will only write to the remote port that it listens to locally.
>
>I think a "[port]@machine" option for the config file would solve
>this - you'd still need two syslogd processes.
>
>Does anyone on hackers (cc'd there) have any comments/observations ?
>

I have a FreeBSD desktop that I use to log all syslog messages for all 
machines.  It's a little simpler than your solution but it works for me.

I also wrote a quick hack that will send copies of syslogs of a certain 
priority or above to sendpage -- so I get alpha paged with the syslog message 
in case of a real problem.  I'm not a particularly good programmer but I'd be 
willing to share this with anyone who wanted it.


Collin Douglas
cdouglas@midfirst.com
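
The loop guard asked for in the quoted question (do not log or propagate a message about the local host that comes back from the peer) and the priority-triggered paging described in the reply, as an added example; it is not code from either poster or from syslogd. It assumes RFC 3164 style lines that carry a hostname field, and the names `parse`, `route`, `page_at` and the sample lines are constructed for illustration.

```python
import re

# Severity names in syslog order; the index is the numeric severity, 0 most urgent.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed wire format (RFC 3164 style): <PRI>Mmm dd hh:mm:ss host tag: text
LINE = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$", re.S)

def parse(line):
    """Return (facility, severity, host, text), or None for a malformed line."""
    m = LINE.match(line)
    if m is None or int(m.group(1)) > 191:   # highest valid PRI: facility 23, severity 7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2), m.group(3)

def route(line, local_host, from_network, page_at="crit"):
    """Decide what one daemon does with a message: a subset of log/forward/page."""
    parsed = parse(line)
    if parsed is None:
        return set()
    _facility, severity, host, _text = parsed
    if from_network and host == local_host:
        return set()              # our own message bounced back by the peer: drop it
    actions = {"log"}
    if not from_network:
        actions.add("forward")    # only locally generated messages go to the peer
    if severity <= SEVERITIES.index(page_at):
        actions.add("page")       # priority at or above the paging threshold
    return actions

# Constructed sample traffic as seen on rtfm: (line, arrived_from_network)
SAMPLES = [
    ("<34>Apr  7 16:02:58 rtfm su: BAD SU mi to root on /dev/ttyp0", False),
    ("<34>Apr  7 16:02:58 rtfm su: BAD SU mi to root on /dev/ttyp0", True),
    ("<30>Apr  7 16:03:10 aldan named[98]: reloading nameserver", True),
    ("<10>Apr  7 16:03:41 aldan disk: /var is full", True),
    ("not a syslog line", False),
]

def run_samples(local_host="rtfm"):
    """Route every sample and return the sorted action list for each."""
    return [sorted(route(line, local_host, net)) for line, net in SAMPLES]

if __name__ == "__main__":
    for (line, net), actions in zip(SAMPLES, run_samples()):
        print("net  " if net else "local", actions, line)
```

The hostname field of a UDP syslog datagram is written by the sender, so a daemon applying this rule should compare the datagram's source address rather than trust that field.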