Fwd: [syslog-ng]Logging Remotely from Solaris to Linux
Ron Braley
braley@aero.und.edu
Fri, 31 May 2002 09:17:53 -0500
Bazsi
I'll give these a try this morning.
As always, thanks for the quick, expert response. :)
Have a great weekend!
rb
Ron Braley
Network Team Leader - CCNP
Systems Team Leader - MCSE, CNE
University of North Dakota (Aerospace College)
braley@aero.und.edu
701-777-2964 (work) / 2940 (fax)
>>> bazsi@balabit.hu 05/31/02 02:45AM >>>
On Thu, May 30, 2002 at 09:58:23PM -0500, Ron Braley wrote:
> Hi Bazsi.
>
> Here's where things are with the syslog-ng and Solaris vs Linux:
>
> Using facility filters (i.e. f_cron) on the Linux box will result in
> not logging any messages from the Solaris box. Other Linux boxes work
> fine with the facility filters, though.
Here's the list of facilities that Solaris uses, and the same on Linux:
Solaris:
#define LOG_KERN (0<<3) /* kernel messages */
#define LOG_USER (1<<3) /* random user-level messages */
#define LOG_MAIL (2<<3) /* mail system */
#define LOG_DAEMON (3<<3) /* system daemons */
#define LOG_AUTH (4<<3) /* security/authorization messages */
#define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */
#define LOG_LPR (6<<3) /* line printer subsystem */
#define LOG_NEWS (7<<3) /* netnews subsystem */
#define LOG_UUCP (8<<3) /* uucp subsystem */
#define LOG_CRON (15<<3) /* cron/at subsystem */
/* other codes through 15 reserved for system use */
#define LOG_LOCAL0 (16<<3) /* reserved for local use */
#define LOG_LOCAL1 (17<<3) /* reserved for local use */
#define LOG_LOCAL2 (18<<3) /* reserved for local use */
#define LOG_LOCAL3 (19<<3) /* reserved for local use */
#define LOG_LOCAL4 (20<<3) /* reserved for local use */
#define LOG_LOCAL5 (21<<3) /* reserved for local use */
#define LOG_LOCAL6 (22<<3) /* reserved for local use */
#define LOG_LOCAL7 (23<<3) /* reserved for local use */
Linux:
#define LOG_KERN (0<<3) /* kernel messages */
#define LOG_USER (1<<3) /* random user-level messages */
#define LOG_MAIL (2<<3) /* mail system */
#define LOG_DAEMON (3<<3) /* system daemons */
#define LOG_AUTH (4<<3) /* security/authorization messages */
#define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */
#define LOG_LPR (6<<3) /* line printer subsystem */
#define LOG_NEWS (7<<3) /* network news subsystem */
#define LOG_UUCP (8<<3) /* UUCP subsystem */
#define LOG_CRON (9<<3) /* clock daemon */
#define LOG_AUTHPRIV (10<<3) /* security/authorization messages (private) */
#define LOG_FTP (11<<3) /* ftp daemon */
/* other codes through 15 reserved for system use */
#define LOG_LOCAL0 (16<<3) /* reserved for local use */
#define LOG_LOCAL1 (17<<3) /* reserved for local use */
#define LOG_LOCAL2 (18<<3) /* reserved for local use */
#define LOG_LOCAL3 (19<<3) /* reserved for local use */
#define LOG_LOCAL4 (20<<3) /* reserved for local use */
#define LOG_LOCAL5 (21<<3) /* reserved for local use */
#define LOG_LOCAL6 (22<<3) /* reserved for local use */
#define LOG_LOCAL7 (23<<3) /* reserved for local use */
You can define facilities by their number, so if you want to select CRON
messages from a Solaris box, you can use the filter:
filter f_cron { facility(15); };
> On a non-Solaris related issue, if I try to test the kern facility by
> doing a command like "logger -p kern.crit TEST" nothing happens locally
> or on the loghost. Is there a reason why that should act differently
> than other facilities?
Kernel messages are read from a special file (/proc/kmsg on Linux), I
suppose logger refuses to send a message with facility=kern from userspace.
Try using truss on logger to see whether logger sends the message at all.
(it does work on Linux however as strace shows)
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
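
Added example, not part of the original thread and not syslog-ng code: a small decoder for the `<PRI>` field that labels the facility using the sender's table from the listings above, showing why a collector that selects facility 9 drops Solaris cron messages while `facility(15)` catches them. The sample lines, hostnames and function names are constructed for illustration, and `select()` is only a simplified stand-in for a numeric facility filter.

```python
import re

# Facility numbers copied from the two header listings quoted in the message above.
_COMMON = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
           5: "syslog", 6: "lpr", 7: "news", 8: "uucp"}
_LOCAL = {16 + i: f"local{i}" for i in range(8)}
FACILITIES = {
    "solaris": {**_COMMON, 15: "cron", **_LOCAL},
    "linux": {**_COMMON, 9: "cron", 10: "authpriv", 11: "ftp", **_LOCAL},
}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
_PRI = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_number, severity_number) from a leading <PRI> field."""
    m = _PRI.match(line)
    if m is None or int(m.group(1)) > 191:  # 191 = (23 << 3) | 7, the largest valid PRI
        raise ValueError("missing or out-of-range <PRI> field")
    pri = int(m.group(1))
    return pri >> 3, pri & 7


def label(line, sender_os):
    """Name facility.severity using the sender's table, not the receiver's."""
    fac, sev = decode_pri(line)
    name = FACILITIES[sender_os].get(fac, f"unknown({fac})")
    return f"{name}.{SEVERITIES[sev]}"


def select(lines, facility_number):
    """Simplified stand-in for a numeric facility filter: keep matching lines."""
    return [ln for ln in lines if decode_pri(ln)[0] == facility_number]


# Constructed sample messages (hostnames and text are made up).
SAMPLES = [
    "<126>May 30 21:58:23 sunbox cron[411]: constructed Solaris cron message",  # 15<<3 | 6
    "<78>May 30 21:58:24 tuxbox crond[902]: constructed Linux cron message",    # 9<<3 | 6
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode_pri(s), label(s, "solaris"), label(s, "linux"))
    print(len(select(SAMPLES, 9)), len(select(SAMPLES, 15)))
```

On a collector that receives from both platforms, selecting on the number the sender actually emits (or on the source host plus number) avoids silently losing one platform's messages.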