Thanks for the answer Stuart!
Yes, I had created the file 644 root:wheel as listed (mtime is of yesterday
I as deleted and recreated it when fiddling before writing to list):
$ l /var/log/c2821.log
-rw-r--r-- 1 root wheel - 1 May 4 15:43 /var/log/c2821.log
$ l /var/log/switch.log
-rw-r--r-- 1 root wheel - 28546 Mar 20 01:48 /var/log/switch.log
The whole /etc/syslog.conf follows. Maybe should I put the local1.debug
BEFORE the lines for /var/log/messages? It's a mystery to me why debug2
works as debug0 did while debug1 does this.
# $OpenBSD: syslog.conf,v 1.20 2016/12/27 13:38:14 jca Exp $
#
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
daemon.info /var/log/daemon
ftp.info /var/log/xferlog
lpr.debug /var/log/lpd-errs
mail.info /var/log/maillog
#local0.debug /var/log/2611xm.log
local1.debug /var/log/c2851.log
local2.debug /var/log/switch.log
# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#*.err;auth.notice;authpriv.none;kern.debug;mail.crit /dev/console
# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#*.notice;auth.debug root
# Everyone gets emergency messages.
#*.emerg *
# Uncomment to log to a central host named "loghost". You need to run
# syslogd with the -u option on the remote host if you are using this.
# (This is also required to log info from things like routers and
# ISDN-equipment). If you run -u, you are vulnerable to syslog bombing,
# and should consider blocking external syslog packets.
#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @loghost
#auth,daemon,syslog,user.info;authpriv,kern.debug @loghost
# Uncomment to log messages from doas(1) to its own log file. Matches are
done
# based on the program name.
# Program-specific logs:
#!doas
#*.* /var/log/doas
On Fri, May 5, 2017 at 12:05 PM, Stuart Henderson <s...@spacehopper.org>
wrote:
> On 2017-05-04, Paolo Aglialoro <paol...@gmail.com> wrote:
> > Hi all,
> >
> > I have an internal LAN syslogd server (recently upgraded to 6.1) since a
> > couple of years. It was successfully logging an old 2611XM cisco router,
> > now logs a dell switch and the new 2851 cisco router which swapped the
> old
> > one.
> >
> > PROBLEM: while the dell switch correctly logs in the designated file, the
> > new cisco router logs on /var/log/messages instead of writing in its
> > designated file.
> >
> > Relevant config on C2851:
> > logging trap debugging
> > logging facility local1
> > logging 10.0.0.234
> >
> > Relevant config in /etc/rc.conf.local:
> > # rcctl get syslogd
> > syslogd_class=daemon
> > syslogd_flags=-u -a /var/spool/postfix/dev/log
> > syslogd_rtable=0
> > syslogd_timeout=30
> > syslogd_user=root
> >
> > Relevant config in /etc/syslog.conf
> > #local0.debug
> /var/log/c2611xm.log
> > local1.debug
> /var/log/c2851.log
> > local2.debug
> /var/log/switch.log
> >
> > Output of /etc/pf.conf:
> > set skip on lo
> > pass in quick inet proto udp from {10.0.0.100, 10.0.0.101} to any port
> 514
> > # syslog
> > pass in quick inet from any to any port 123
> > pass
> > block return in on ! lo0 proto tcp to port 6000:6010
> >
> >
> > What could the problem with local1.debug be?
>
> 1. Did you create the /var/log/c2851.log file before reloading syslogd
> config?
>
> 2. You didn't include all of the relevant lines - unless you changed the
> default line for /var/log/messages you'll still get "notice" and higher
> level
> messages from local1 written there.
>
>
>
