Fwd: [syslog-ng]Logging Remotely from Solaris to Linux

Ron Braley braley@aero.und.edu
Fri, 31 May 2002 09:17:53 -0500


Bazsi

I'll give these a try this morning.

As always, thanks for the quick, expert response.  :)

Have a great weekend!

rb

Ron Braley
Network Team Leader - CCNP
Systems Team Leader - MCSE, CNE
University of North Dakota (Aerospace College)
braley@aero.und.edu
701-777-2964 (work) / 2940 (fax)

>>> bazsi@balabit.hu 05/31/02 02:45AM >>>
On Thu, May 30, 2002 at 09:58:23PM -0500, Ron Braley wrote:
> Hi Bazsi.
> 
> Here's where things are with the syslog-ng and Solaris vs Linux:
> 
> Using facility filters (i.e. f_cron) on the Linux box will result in
> not logging any messages from the Solaris box.  Other Linux boxes
work
> fine with the facility filters, though.

Here's the list of facilities that Solaris uses, and the same on
Linux:

Solaris:
#define LOG_KERN        (0<<3)  /* kernel messages */
#define LOG_USER        (1<<3)  /* random user-level messages */
#define LOG_MAIL        (2<<3)  /* mail system */
#define LOG_DAEMON      (3<<3)  /* system daemons */
#define LOG_AUTH        (4<<3)  /* security/authorization messages */
#define LOG_SYSLOG      (5<<3)  /* messages generated internally by
syslogd */
#define LOG_LPR         (6<<3)  /* line printer subsystem */
#define LOG_NEWS        (7<<3)  /* netnews subsystem */
#define LOG_UUCP        (8<<3)  /* uucp subsystem */
#define LOG_CRON        (15<<3) /* cron/at subsystem */
        /* other codes through 15 reserved for system use */
#define LOG_LOCAL0      (16<<3) /* reserved for local use */
#define LOG_LOCAL1      (17<<3) /* reserved for local use */
#define LOG_LOCAL2      (18<<3) /* reserved for local use */
#define LOG_LOCAL3      (19<<3) /* reserved for local use */
#define LOG_LOCAL4      (20<<3) /* reserved for local use */
#define LOG_LOCAL5      (21<<3) /* reserved for local use */
#define LOG_LOCAL6      (22<<3) /* reserved for local use */
#define LOG_LOCAL7      (23<<3) /* reserved for local use */

Linux:
#define LOG_KERN        (0<<3)  /* kernel messages */
#define LOG_USER        (1<<3)  /* random user-level messages */
#define LOG_MAIL        (2<<3)  /* mail system */
#define LOG_DAEMON      (3<<3)  /* system daemons */
#define LOG_AUTH        (4<<3)  /* security/authorization messages */
#define LOG_SYSLOG      (5<<3)  /* messages generated internally by
syslogd */
#define LOG_LPR         (6<<3)  /* line printer subsystem */
#define LOG_NEWS        (7<<3)  /* network news subsystem */
#define LOG_UUCP        (8<<3)  /* UUCP subsystem */
#define LOG_CRON        (9<<3)  /* clock daemon */
#define LOG_AUTHPRIV    (10<<3) /* security/authorization messages
(private) */
#define LOG_FTP         (11<<3) /* ftp daemon */

        /* other codes through 15 reserved for system use */
#define LOG_LOCAL0      (16<<3) /* reserved for local use */
#define LOG_LOCAL1      (17<<3) /* reserved for local use */
#define LOG_LOCAL2      (18<<3) /* reserved for local use */
#define LOG_LOCAL3      (19<<3) /* reserved for local use */
#define LOG_LOCAL4      (20<<3) /* reserved for local use */
#define LOG_LOCAL5      (21<<3) /* reserved for local use */
#define LOG_LOCAL6      (22<<3) /* reserved for local use */
#define LOG_LOCAL7      (23<<3) /* reserved for local use */

You can define facilities by their number, so if you want to select
CRON
messages from a Solaris box, you can use the filter:

filter f_cron { facility(15); };

> On a non-Solaris related issue, if I try to test the kern facility
by
> doing a command like "logger -p kern.crit TEST" nothing happens
locally
> or on the loghost.  Is there a reason why that should act
differently
> than other facilities?

kernel messages are read from a special file (/proc/kmsg on linux), I
suppose logger refuses to send a message with facility=kern from
userspace.
Try using truss on logger to see whether logger sends the message at
all.

(it does work on Linux however as strace shows)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C
8EB1

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu 
https://lists.balabit.hu/mailman/listinfo/syslog-ng