To all of the people who responded to my questions, many thanks..
(There were just too many responses to thank everyone individually).
Overall, the suggestions were similar.
Don't use spaces, use tabs when configuring syslog.conf.
After making changes, kill -HUP pid for syslog.conf.
The message below is from Kai O'Yang who was one of may who forwarded
their syslog.conf files to share.
I am now receiving auth.notice messages from a remote system to my
loghost(on both the console and authlog file.
The only real problem I have that I haven't been able to resolve with
this is that the name of the remote host is not showing up. Instead,
I am receiving "???" in its place, and garbage on the device name:
Oct 23 14:44:32 ??? su:'su root' succeeded for mconroy on /dev/pts/3^m
I am sure it is configured correctly in dns. So I am at a lost.
Any thought???
Thanks again for everyone's help.
Mark Conroy
First add a loghost alias in /etc/hosts or nis table for the syslog
host. Here's my syslog.conf for all client machines.
#ident "@(#)syslog.conf 1.3 93/12/09 SMI" /* SunOS 5.0
*/ #
# Copyright (c) 1991-1993, by Sun Microsystems, Inc. #
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names #
that match m4 reserved words. Also, within ifdef's, arguments #
containing commas must be quoted.
#
# Note: Have to exclude user from most lines so that user.alert #
and user.emerg are not included, because old sendmails # will
generate them for debugging information. If you
# have no 4.2BSD based systems doing network logging, you #
can remove all the special cases for "user" logging.
#
*.err;kern.notice;auth.notice;user.none /dev/console
*.err;kern.debug;daemon.notice;mail.crit;user.none @loghost
*.alert;kern.err;daemon.err;user.none operator,@loghost
*.alert;user.none root,@loghost
*.emerg;user.none @loghost auth.info
@loghost
mail.info @loghost daemon.info
@loghost
For the loghost:
#ident "@(#)syslog.conf 1.3 93/12/09 SMI" /* SunOS 5.0
*/ #
# Copyright (c) 1991-1993, by Sun Microsystems, Inc. #
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names #
that match m4 reserved words. Also, within ifdef's, arguments #
containing commas must be quoted.
#
# Note: Have to exclude user from most lines so that user.alert #
and user.emerg are not included, because old sendmails # will
generate them for debugging information. If you
# have no 4.2BSD based systems doing network logging, you #
can remove all the special cases for "user" logging.
#
*.err;kern.notice;auth.notice;user.none /dev/console
*.err;kern.debug;daemon.notice;mail.crit;user.none
/var/adm/messages
*.alert;kern.err;daemon.err;user.none operator
*.alert;user.none root
*.emerg;user.none * auth.info
/var/log/authlog mail.info
/var/log/mlog
#
# Adding log to daemon information
#
daemon.info /var/log/syslog
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:06 CDT