# Syslog problem



## yhq_34 (Feb 3, 2016)

Hi guys;

I make my system can receive message from my cisco router, but it also show in /var/log/messages, how can I setup to avoid this?


```
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err    /var/log/messages
+172.16.1.1
*.*                        /var/log/cisco.log
```


----------



## SirDice (Feb 3, 2016)

yhq_34 said:


> I make my system can receive message from my cisco router, but it also show in /var/log/messages, how can I setup to avoid this?




```
-172.16.1.1
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err    /var/log/messages
+172.16.1.1
*.*                        /var/log/cisco.log
```


----------



## yhq_34 (Feb 4, 2016)

if I add another device's ip. Like below, seems still have 172.16.1.2 log in /var/log/messages. 

```
-172.16.1.1
-172.16.1.2
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err    /var/log/messages
```


----------



## Juha Nurmela (Feb 4, 2016)

syslog.conf(5) explains the mechanism. You might use

```
+@
# locally generated messages handled here

+172.16.1.1,name1
# in case it appears as name1 sometimes, 172.16.1.1 some other times

+172.16.1.2,name2
# ...
```

Juha


----------



## yhq_34 (Feb 16, 2016)

Juha Nurmela said:


> syslog.conf(5) explains the mechanism. You might use
> 
> ```
> +@
> ...



I setup like you talked, but my messages log will have 172.16.1.2's log too.


----------



## Juha Nurmela (Feb 17, 2016)

Show the whole file, please?

Juha


----------



## yhq_34 (Feb 17, 2016)

please check

```
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
!-devd
*.=debug /var/log/debug.log
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
# touch /var/log/console.log and chmod it to mode 600 before it will work
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
# Uncomment this if you wish to see messages produced by devd
# !devd
# *.>=notice /var/log/devd.log
!ppp
*.* /var/log/ppp.log
!*
+@
+172.16.1.1
*.* /var/log/161.log
+172.16.1.2
*.* /var/log/162.log
```


----------



## Juha Nurmela (Feb 17, 2016)

Lift the *+@* to the very beginning of file, that's the command which selects only local host. Until another + line is seen, order is important.

Juha

obsessive/compulsive and paranoid could use
+@,_every,possible,name,or,number,this,host,might,be,known,as_


----------



## yhq_34 (Feb 17, 2016)

I found another problem, it's debug.log full of below two messages;

```
Feb 17 20:34:07 freebsd syslogd: NSSWITCH(_nsdispatch): mdns4_minimal, hosts, gethostbyaddr_r, not found, and no fallback provided
Feb 17 20:34:07 freebsd syslogd: NSSWITCH(_nsdispatch): mdns4, hosts, gethostbyaddr_r, not found, and no fallback provided
```


----------

