[lug] Syslog woes
hugh at math.byu.edu
Thu Dec 14 21:38:50 MST 2006
Daniel Webb wrote:
> On Wed, Dec 13, 2006 at 06:05:47PM -0700, David L. Anselmi wrote:
>>> *.*;auth,authpriv.none;mail.error -/var/log/syslog
>>> 1) What am I missing here?
>> Try mail.none rather than mail.error.
> But I still want mail messages with error and worse to show up in syslog.
>>From my reading of man 5 syslog.conf there is a bug in syslog, but every time
> I think that about one of the more complex old-time Unix services I end up
> filing what turns out to be a frivolous bug report which gets embarassing
> after a while. :<
> Specifically, from man 5 syslog.conf:
> Multiple selectors may be specified for a single action using the semicolon
> (``;'') separator. Remember that each selector in the selector field is
> capable to overwrite the preceding ones. Using this behavior you can exclude
> some priorities from the pattern.
> So shouldn't get last "mail.error" override the previous settings for mail?
I'm not an expert by any stretch. Based on my reading of the man page,
you'd need to exclude and then include.
So *.* implicitly says log all mail.* to /var/log/syslog The semi-colon
says "if negation follows, give it precedence." Negation seems to be
done via "none" as the priority or !<priority>. So as far as mail is
concerned, you've told it
which seems to be, log all mail and log mail at error or higher.
I just tested this line (on a debian sarge box):
and then used
logger -p mail.err "test of mail.err"
logger -p mail.info "test of mail.info"
The first went to /var/log/syslog, the second didn't.
You could probably shorten it to:
More information about the LUG