src.conf(5) knobs
This will allow consumers of FreeBSD to use the unmodified configuration
files out of the box more than previously.
Both newsyslog.conf and syslog.conf:
- /var/log/lpd-errs (MK_LPR != no)
- /var/log/ppp.log (MK_PPP != no)
- /var/log/xferlog (MK_FTP != no)
newsyslog.conf:
- /var/log/amd.log (MK_AMD != no)
- /var/log/pflog (MK_PF != no)
- /var/log/sendmail.st (MK_SENDMAIL != no)
MFC after: 3 weeks
Sponsored by: Dell EMC Isilon
All the '.conf' files not beginning with a '.' contained int he directory
following the keyword will be included.
This keyword can only be used in the first level configuration files.
Modify the default syslogd.conf to 'include' /etc/syslog.d and
/usr/local/etc/syslog.d
It simplify a lot handling of syslog from automation tools.
Reviewed by: markj, kib (via irc)
Approved by: markj
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D8402
Promoting the SIGINFO handler's log message from LOG_INFO to
LOG_NOTICE, and promoting the "Processing event ..." message from
LOG_DEBUG to LOG_INFO. Setting the logfile to LOG_NOTICE with this
change will have the same result as setting it to LOG_INFO without
this change. Setting it to LOG_INFO with this change will include
the useful "Processing event ..." messages that were previously at
LOG_DEBUG, without including useless messages like "Pushing table".
The intent of this change is that one can log "Processing event ..."
without logging "Pushing table" and related messages that are sent
for every event. The number of lines actually logged is reduced by
about 75% by making this change and setting syslog to LOG_INFO vs
setting syslog to LOG_DEBUG.
etc/syslog.conf
Changing the recommended loglevel to notice instead of info.
Sponsored by: Spectra Logic Corp
MFC after: 4 weeks
sbin/devd/devd.cc
All output will now go to syslog(3) if devd is daemonized, or stderr
if it's running in the foreground.
sbin/devd/devd.8
Remove the "-D" flag. Filtering messages by priority now
happens in the usual syslog way. For performance reasons, a few
extra-verbose debugging statements are now conditional on the "-d" (do
not daemonize) flag.
etc/syslog.conf
etc/newsyslog.conf
Direct messages from devd(8) to /var/log/devd.log, but leave it
disabled by default
Reviewed by: eadler
Approved by: gibbs (co-mentor)
MFC after: never (removed a command-line option from devd)
This allows to append custom rules at the end of the file without
risk of confusion that can result when one misses default !ppp line
and doesn't add another program specification and thus subsequent
selector(s) would belong to ppp program block.
Requested by: marck
Submitted by: marck
Approved by: jhb (mentor)
it does come back it would probably be better if users who were interested
in slip added appropriate lines instead of this being here unconditionally.
Reminded by: tut <at> nhamon <dot> com <dot> ua
this can cause a really heavy load on system. Several kernel debugging
messages can be triggered even remotely (e.g. bad ARP replies).
Use kern.warning instead, so that really significant messages still
will be printed on console.
Reviewed by: current@
MFC after: 1 week
Security: this change fixes a DoS condition, when default system
console is serial, and box is flooded with bogus ARP
packets
o Introduce /var/log/authentication.log, which will be the target for
auth.info and authpriv.info by default. Rotate on the same schedule
as most other logs. Create at installation.
o Remove logging of auth.info from /var/log/security.log, which will
return to being only for security feature subsystems (such as ipfw,
and so on).
This creates a special authentication log, which can now be searched
by scripts for authentication events.
systems due to sshd not using the security log class. Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.
Submitted by: aeonflux@synapse.subneural.net
MFC after: 4 weeks
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.
Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism. Because newsyslog doesn't
support the mod date specification machanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.
Approved by: jkh
Reviewed by: freebsd-security
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
news.notice info should not be sent to /var/log/messages, as news has
its own set of logs and notice is overused by inn
added entries for newsservers (but they're commented out)
Further it implements crontab -e.
I moved cron from /usr/libexec to /usr/sbin where most daemons are
that are run from rc. That also gets rid of the ugly path crond
used to have in ps(1) outputs. Further I renamed it to cron, as
Paul Vixie likes it and is done by NetBSD.
NOTE VERY WELL THE FOLLOWING:
1) Systems crontab changed. Every users crontab resides in /var/cron
*EXCEPT* root's. This is a special crontab as it resides in
/etc. Further it is the *ONLY* crontab file in which you specify
usernames. See /usr/src/etc/crontab. This is also done by BSDI's
BSD/386 as far as I know (they provided the patches for it anyway)
2) So you *must* delete root's crontab and reinstall the copy
in /etc from /usr/src/etc.
'Must' is to much: the old installed crontab will work but cron
will also try to 'run' /etc/crontab.
3) Last but not least: cron's logging is now done via syslog. Note
that logging by cron is done lowercase when it logs about itsself
and uppercase when it logs user events, like installing a new crontab.
The default logfile file is the same as before:
syslog.conf:cron.* /var/cron/log
-Guido
