syslog configuration

William Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Mar 16 21:41:24 UTC 2009 

Redelmeier,

Thanks for your assistance. You helped by pointing a couple of point
that lead me in the proper direction. Like that syslog has only
limited facilities.

> | Added  "snmpd.none" on the 7th line in syslog.conf file :
> | *.info;mail.none;authpriv.none;cron.none;snmpd.none               /var/log/messages
> |
> | Then added this line at the end of the file
> |
> | local1.*                                                -/var/log/snmpd.log
> |
> | Then restarted syslog. It came up, but complained it has no idea what snmpd meant. And nothing changed, snmp keep pushing crap on the message file.
>

Just in case it may assist someone else, here is how to go about it.

Create the file below

vi /etc/snmp/snmpd.options

And have the following as its content

OPTIONS=”-Ls 3 -Lf /dev/null -p /var/run/snmpd.pid -a”

Essentially, that tell snmp not send logs to a file called dev/null
and also log them through syslog facility local3

Restart snmpd

Then, do the following changes on syslog config file

vi /etc/syslog.conf

change this line:
.info;mail.none;authpriv.none;cron.none      /var/log/messages

to
.info;mail.none;authpriv.none;cron.none;local3.none      /var/log/messages

That is important to suppress snmp default behaviour. It insist on
logging as a daemon even after above change

Then add the following line some where at the bottom of the same file

local3.notice                         /var/log/snmpd.log

Save the changes on syslog.conf and restart syslog

It should work as now. This is redhat specific.

Regards,

William

> | No luck. I have also looked through the snmp manual and it found nothing helpful there.
>
> Read rsyslog.conf(5) (at least on my system, Fedora 10).
>
> The format of a selector is facility.priority.  "snmpd" isn't a
> facility.
>
>    The facility is one of the following keywords: auth, authpriv,
>    cron, daemon, kern, lpr, mail, mark, news, security (same as
>    auth), syslog, user, uucp and local0 through local7. The keyword
>    security should not be used anymore and mark is only for internal
>    use and therefore should not be used in applications.  Anyway, you
>    may want to specify and redirect these messages here.  The
>    facility specifies the subsystem that produced the message, i.e.
>    all mail programs log with the mail facility (LOG_MAIL) if they
>    log using syslog.
>
> That explains your error message.  I don't remember at the moment how
> one is supposed to do what you want to do.
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists



--
For a list of all the ways technology has failed to improve the
quality of life, please press three.
—Alice Kahn
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list