Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!sdd.hp.com!wuarchive!psuvax1!rutgers!aramis.rutgers.edu!porthos.rutgers.edu!armhold From: armhold@porthos.rutgers.edu (George Armhold) Newsgroups: comp.unix.questions Subject: Re: syslog.conf question Message-ID: Date: 5 Jun 91 15:05:21 GMT References: <1991Jun5.062908.27546@brolga.cc.uq.oz.au> <1991Jun05.103823.3489@convex.com> Organization: LCSR @ Rutgers University Lines: 38 tchrist@convex.COM (Tom Christiansen) writes: >Only specify the *highest* syslog priority you are concerned about. >The conf file means log UP TO that level. Mixing them on the same >line will confuse things, as will having *.foo entries except at >the front of the line. syslogd -d, or source code, can help you >figure this out. Perhaps I am reading you wrong, but what syslogd actually does is log messages from the specified level up FROM that level, not TO it . ie if you specify a level of "crit", you will get crit, alert, and emerg all logged. Here is an excerpt from the man page: EXAMPLE With the following configuration file: *.notice;mail.info /var/log/notice *.crit /var/log/critical kern,mark.debug /dev/console kern.err @server *.emerg * *.alert root,operator *.alert;auth.warning /var/log/auth syslogd will log all mail system messages except debug mes- sages and all notice (or higher) messages into a file named /var/log/notice. It logs all critical messages into /var/log/critical, and all kernel messages and 20-minute marks onto the system console. Another problem might be that he isn't creating the log files before he does a kill -HUP on syslogd- syslogd won't write to files that don't yet exist. You need to touch the logfile first. -George -- Internet: armhold@aramis.rutgers.edu UUCP: {backbone}!rutgers!aramis.rutgers.edu!armhold BITNET: armhold@PISCES.BITNET