Return to BSD News archive
Newsgroups: comp.unix.bsd.freebsd.misc From: cdouglas@ibs.net (Collin Douglas) Subject: Re: syslogd watching other machine(s) Organization: MidFirst Bank References: <5i7bo6$o1t$1@kayrad.ziplink.net> <5iarfb$epc@ui-gate.utell.co.uk> X-Newsreader: News Xpress 2.0 Beta #2 Date: Mon, 07 Apr 97 16:02:58 GMT NNTP-Posting-Host: 208.128.40.147 Message-ID: <33491bee.0@news.ibs.net> Lines: 45 Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!newsfeed.direct.ca!news.maxwell.syr.edu!news.mathworks.com!news.kei.com!news.thenet.net!uunet!in2.uu.net!204.71.1.61!newsfeed.internetmci.com!news.ibs.net!rootbeer Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:38687 In article <5iarfb$epc@ui-gate.utell.co.uk>, brian@awfulhak.org, brian@utell.co.uk wrote: >In article <5i7bo6$o1t$1@kayrad.ziplink.net>, > mi@ALDAN.ziplink.net..remove-after-`net' (Mikhail Teterin) writes: >> Hi! I have several Unix machines (FreeBSD and Irix), which I'd like >> to set up to watch for other machine's log entries. Say, rtfm will >> log aldan's messages and aldan will log rtfm's messages. >> >> Unfortunately, simply modifying /etc/syslogd.conf to send things to >> @another_host on both system, causes cascades of messages: rtfm sends >> the message to aldan, which bounces it back to rtfm right away. >> Then, rtfm passes it to aldan again, and so on... syslogd has to be >> restarted... >> >> The only solution I see for this, is to run two syslogd-s on each machine. >> With different config files. One will send local messages out (run in >> "safe" mode), another one -- logging remote messages. >> >> Can anyone think of a single process solution? Thanks! >> >> I think, syslogd has to have an option to operate in intelligent >> mode -- recognise when the incoming message is about the localhost >> and not log it (or, at least, not propagate it). >> >> -mi > >The problem with the two-process thing is that currently, I expect >syslog will only write to the remote port that it listens to locally. > >I think a "[port]@machine" option for the config file would solve >this - you'd still need two syslogd processes. > >Does anyone on hackers (cc'd there) have any comments/observations ? > I have a FreeBSD desktop that I use to log all syslog messages for all machines. It's a little simpler than your solution but it works for me. I also wrote a quick hack that will send copies of syslogs of a certain priority or above to sendpage -- so I get alpha paged with the syslog message in case of a real problem. I'm not a particularly good programmer but I'd be willing to share this with anyone who wanted it. Collin Douglas cdouglas@midfirst.com