# syslogd logs to all.log, but not to my.log



## fredBSD (Mar 5, 2009)

Just spent a fun hour or two solving this one, so I thought I'd possibly save someone some head scratching if they run into the same problem.

I tried to set up a syslog server to log messages from my modem/router.

I followed the handbook instructions here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-syslogd.html

Added the following to /etc/syslog.conf
+my.router
*.*    /var/log/my.router.log

And added this to /etc/rc.conf
syslogd_enable="YES"
syslogd_flags="-a my.router -vv"

touched /var/log/my.router.log

restarted the daemon with: /etc/rc.d/syslogd restart

Enabled the syslog client on the router and used tail -f to watch the messages pour in, but they didn't.

I used trafshow to check if there was any syslog traffic:
my.router,syslog   192.168.1.13,syslog    udp    9862    358

I added the -d switch to the syslogd_flags line in rc.conf, restarted the daemon and saw the lovely messages on the console.

I changed the bit at the top of syslog.conf to enable logging to /var/log/all.log, chmoded it to 600 and restarted syslogd. Tailed all.log and there they were. Put syslog.conf back as it was and tried all kinds of permissions on my.router.log, to no avail. 

I expect you've all guessed by now that the fix was to put my additions to syslog.conf nearer the top, just above these lines infact:

!startslip
*.*    /var/log/slip.log
!ppp
*.*    /var/log/ppp.log

There was even a clue to the cause of the problem, I guess, in the debug output:
cfline("*.*    /var/log/my.router.log", f, "ppp", "+my.router")

Thanks for reading and I hope it helps someone...


----------



## crsd (Mar 5, 2009)

Another solution could be adding "!*" (to reset program specification) prior to adding new rules


----------

