On 2017-05-04, Paolo Aglialoro <paol...@gmail.com> wrote:
> Hi all,
>
> I have an internal LAN syslogd server (recently upgraded to 6.1) since a
> couple of years. It was successfully logging an old 2611XM cisco router,
> now logs a dell switch and the new 2851 cisco router which swapped the old
> one.
>
> PROBLEM: while the dell switch correctly logs in the designated file, the
> new cisco router logs on /var/log/messages instead of writing in its
> designated file.
>
> Relevant config on C2851:
> logging trap debugging
> logging facility local1
> logging 10.0.0.234
>
> Relevant config in /etc/rc.conf.local:
> # rcctl get syslogd
> syslogd_class=daemon
> syslogd_flags=-u -a /var/spool/postfix/dev/log
> syslogd_rtable=0
> syslogd_timeout=30
> syslogd_user=root
>
> Relevant config in /etc/syslog.conf
> #local0.debug /var/log/c2611xm.log
> local1.debug /var/log/c2851.log
> local2.debug /var/log/switch.log
>
> Output of /etc/pf.conf:
> set skip on lo
> pass in quick inet proto udp from {10.0.0.100, 10.0.0.101} to any port 514
> # syslog
> pass in quick inet from any to any port 123
> pass
> block return in on ! lo0 proto tcp to port 6000:6010
>
>
> What could the problem with local1.debug be?
1. Did you create the /var/log/c2851.log file before reloading syslogd config?
2. You didn't include all of the relevant lines - unless you changed the
default line for /var/log/messages you'll still get "notice" and higher level
messages from local1 written there.
