[Mimedefang] potential stock syslogd caveats
Jeremy Mates
jmates at sial.org
Mon Mar 1 12:24:54 EST 2004
* Jon R. Kibler <Jon.Kibler at aset.com>
> The only thing I have left to suggest is on the machine that isn't
> logging, run syslogd in debug mode and see if it is ever getting the
> log requests.
Have the usual syslogd caveats been covered yet?
1. Some syslog varients *really* want tabs, not spaces in
/etc/syslog.conf between the facility/priority statement and the
destination.
$ sudo perl -i.orig -pe 's/ /\t/g' /etc/syslog.conf
$ diff /etc/syslog.conf.orig /etc/syslog.conf
If different (and diff is not ignoring whitespace changes),
restart syslogd.
2. Some syslog varients will not log if the appropriate logfile did
not exist when the syslog daemon started up. No /var/log/maillog,
no logs.
Create the logfile with proper permissions, then restart syslog.
Currently I replace the default syslog daemon with syslog-ng if
possible, which allows logging over TCP (no lost UDP logs: good for
logging from a limited number of core servers, as opposed to lots of
clients), and other benefits such as built in logfile rotation (no
stupid conveyer belt of logfiles and syslogd restarting) and logging of
the facility and priority.
More information about the MIMEDefang
mailing list