[afnog] syslog levels

grace Ingabire ingabireg at terracom.rw
Mon Aug 27 10:16:49 UTC 2007


Hello,

I let everything go into one log file and found that I was receiving
Auth, daemon, local, authpriv, ftp, mail, cron, kern and syslog information.
I found that the mail and syslog messages were not important to me.
How can I avoid them? Nullifying them was one solution.
I tried to log *local0.notice;
local0.debug;mail.*;mail.none;mail.info;local0.info @xx.xx.xx.xx but I'm not
receiving any logs now.
How can you help?

Thanks for your prompt reply.

Regards,

Grace


-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of
Scott Weeks
Sent: Monday, August 06, 2007 8:36 PM
To: afnog at afnog.org
Subject: Re: [afnog] syslog levels



------- ingabireg at terracom.rw wrote: ---------------

I want to send log messages from my hosts to the central syslog server. I
can log everything by using *.*     @ xx.xx.xx.xx and this works, but I think it
will be too full of information to be of any real use.

I have seen that we have 7 levels but want to know the important one (with
enough details). Attached is a description of those levels.
-------------------------------------------------



I do this two ways.  First, I let *everything* go into the log file.  Then I
look through it by getting rid of things I don't want to see (or have
already taken care of) one at a time:

cat /var/log/mylog | egrep -v 'term1|term2|termN' | less

This shows me everything except the lines which contain term1, term2 or
termN and I just keep adding terms until I have looked at everything in the
file.  Later, you will find a lot of terms you rarely want to see and you
can write a small shell script like this:

#! /bin/sh
cat /var/log/mylog | egrep -v 'term1|term2|term3' | less

Then you won't have to type the above every time.  You can call your shell
script, say, "logwatch" and then all you have to do is go to the directory
and type "./logwatch".  Be sure your permissions are set properly: "chmod
u+x logwatch"


One more fun thing to do is watch stuff in real time:

tail -f /var/log/mylog | egrep -v 'term1|term2|term3'

Where the terms are things I don't want to see.  Having everything in the
log, as someone mentioned earlier, allows you to go back to an error and
look at it in context to other things happening.

scott
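
Added example (not part of the original thread): a small Python evaluator for classic syslog.conf selector fields, showing which of a few constructed facility.priority messages would be forwarded under `*.*` compared with a field that drops mail and syslog using `.none`. It assumes the semantics documented in syslog.conf(5) (a priority matches that level and above, `none` excludes a facility, a later selector overrides an earlier one) and leaves out the `=`/`!` modifiers and priority aliases; the function names are illustrative.

```python
# Added example: evaluates classic syslog.conf selector fields (assumed syslog.conf(5) rules).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]


def parse_selectors(field):
    """Return {facility: minimum priority index, or None when excluded}."""
    threshold = {fac: None for fac in FACILITIES}
    for selector in field.split(";"):
        facs, _, pri = selector.strip().partition(".")
        if not pri:
            raise ValueError(f"selector needs facility.priority: {selector!r}")
        names = FACILITIES if facs == "*" else facs.split(",")
        if pri == "none":
            level = None          # exclude these facilities
        elif pri == "*":
            level = 0             # every priority
        elif pri in PRIORITIES:
            level = PRIORITIES.index(pri)
        else:
            raise ValueError(f"unknown priority in {selector!r}")
        for fac in names:
            if fac not in threshold:
                raise ValueError(f"unknown facility in {selector!r}")
            threshold[fac] = level  # a later selector overrides an earlier one
    return threshold


def forwarded(field, facility, priority):
    """True when a facility.priority message matches the selector field."""
    level = parse_selectors(field)[facility]
    return level is not None and PRIORITIES.index(priority) >= level


# Constructed sample messages: (facility, priority)
SAMPLE = [("mail", "info"), ("syslog", "notice"), ("authpriv", "warning"),
          ("kern", "err"), ("local0", "debug"), ("cron", "info")]

if __name__ == "__main__":
    for field in ("*.*", "*.*;mail.none;syslog.none", "*.notice;mail.none;syslog.none"):
        kept = [f"{f}.{p}" for f, p in SAMPLE if forwarded(field, f, p)]
        print(f"{field:32} -> {kept}")
```
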