23rd May 2021
J65nko
Splitting relayd log entries from /var/log/daemon

Part of growing up is that you get your own things. You get your own bike instead of sharing it with a sibling. You get your own bedroom, car etc.

So I decided to give relayd(8) a log file of its own, so that it does not have to share one with other daemons in /var/log/daemon.

After some experimentation I found that the following works:
Code:
#       $OpenBSD: syslog.conf,v 1.20 2016/12/27 13:38:14 jca Exp $
#

# ---
!!relayd
*.*                                                     /var/log/relayd
# !* ends the relayd-only block, so the rules below apply to every program again
!*

*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info                             /var/log/messages
auth.info                                               /var/log/authlog
authpriv.debug                                          /var/log/secure
cron.info                                               /var/cron/log
daemon.info                                             /var/log/daemon
[snip]
# Uncomment to log messages from doas(1) to its own log file.  Matches are done
# based on the program name.
# Program-specific logs:
#!doas
#*.*                                                    /var/log/doas

When I had those two lines at the end (after the doas entry), relayd log entries, although going to /var/log/relayd, were still also logged in /var/log/daemon.

From syslog.conf(5):

Quote:
Each block of lines is separated from the previous block by a tag. The
tag is a line beginning with !prog and each block will be associated with
calls to syslog from that specific program (matched using glob(7) rules).
When a message matches multiple blocks, the action of each matching block
is taken. If no tag is specified at the beginning of the file, every
line is checked for a match and acted upon (at least until a tag is
found).

!!prog causes the subsequent block to abort evaluation when a message
matches, ensuring that only a single set of actions is taken. !* can be
used to ensure that any ensuing blocks are further evaluated (i.e.
cancelling the effect of a !prog or !!prog).

To ensure the new settings are being used, remember to restart or reload the syslogd(8) daemon.
Code:
# rcctl restart syslogd
syslogd(ok)
syslogd(ok)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
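
The ordering effect described in the post, as an added example that is not part of the original post and not syslogd's own code: a simplified Python model of the tag rules quoted from syslog.conf(5), run over a constructed config excerpt. It assumes relayd logs at daemon.info; the function names are hypothetical, and host tags and selector operators are not modelled.

```python
from fnmatch import fnmatch

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse(conf):
    """Turn syslog.conf text into (prog_glob, quick, selector, action) rules."""
    prog, quick, rules = None, False, []
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):              # tag line: !prog, !!prog or !*
            tag = line.lstrip("!")
            prog = None if tag == "*" else tag
            quick = line.startswith("!!") and prog is not None
            continue
        selector, action = line.split(None, 1)
        rules.append((prog, quick, selector, action))
    return rules

def selects(selector, facility, level):
    """True if a facility.level selector list accepts the message."""
    threshold = None
    for part in selector.split(";"):          # later parts override earlier ones
        facs, lvl = part.rsplit(".", 1)
        if facs == "*" or facility in facs.split(","):
            if lvl == "none":
                threshold = None
            else:
                threshold = 7 if lvl == "*" else LEVELS.index(lvl)
    return threshold is not None and LEVELS.index(level) <= threshold

def destinations(conf, prog, facility, level):
    """Log files one message reaches, evaluating rules top to bottom."""
    out = []
    for tag, quick, selector, action in parse(conf):
        if tag is not None and not fnmatch(prog, tag):
            continue                          # block belongs to another program
        if selects(selector, facility, level):
            out.append(action)
            if quick:                         # !!prog: stop after the first match
                break
    return out

# Constructed excerpt based on the rules shown in the post.
GLOBAL_RULES = """*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
daemon.info /var/log/daemon
"""
RELAYD_BLOCK = "!!relayd\n*.* /var/log/relayd\n!*\n"
TOP = RELAYD_BLOCK + GLOBAL_RULES      # relayd block first
BOTTOM = GLOBAL_RULES + RELAYD_BLOCK   # relayd block last: daemon.info matches first
```

`destinations(BOTTOM, "relayd", "daemon", "info")` returns both /var/log/daemon and /var/log/relayd, while the same call with `TOP` returns only /var/log/relayd.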