A syslog question

Hi,

I've got a FreeBSD 7.4-RELEASE machine running hostapd. And by default it seems that all messages generated end up in /var/log/messages. I've been able to direct them also into a file of my choice, /var/log/hostapd.log, in an effort to try and keep the messages file cleaner. But that's where I'm stuck. I've tried a few different lines in /etc/syslog.conf, but to no avail.

This is the working directive into hostapd.log:
Code:
!hostapd
*.*                                             /var/log/hostapd.log

A helping hand to show me how to keep these out of /var/log/messages would be greatly appreciated.
 
qsecofr said:
A helping hand to show me how to keep these out of /var/log/messages would be greatly appreciated.
Can you post your /etc/syslog.conf, or at least the entries referring to /var/log/messages?

Fonz
 
These entries point to /var/log/messages

Code:
kern.=debug                                     /var/log/messages
#*.notice                                       /var/log/messages
!-hostapd.notice                                /var/log/messages
daemon.info;mail.crit                           /var/log/messages
*.emerg                                         *
 
Start your /etc/syslog.conf with
Code:
!-hostapd
All the following rules will disregard hostapd until you say otherwise, so this is the place to put all non-hostapd-related rules. Then, write
Code:
!hostapd
and add any rules specific to hostapd.

Example (tweak to your liking but you'll probably get the idea):
Code:
# First, exclude hostapd until further notice.
!-hostapd

# Everything (except hostapd) goes to /var/log/messages and important
# messages go to root's terminal(s) too.
*.*   /var/log/messages
*.err root

# Example of some other random program (nginx) of which the messages
# will go in a separate logfile IN ADDITION TO what's specified above
# (i.e. /var/log/messages and root).
!nginx
*.*   /var/log/nginx.log

# Now, specify where hostapd goes.
!hostapd
*.*   /var/log/hostapd.log

Hope this helps,

Fonz
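
Added example, not part of the post above and not syslogd's own code: a small Python model of how the program blocks (`!prog`, `!-prog`, `!*`) described in syslog.conf(5) decide where a message lands, run against the example configuration from the post. It is simplified (no hostname blocks, no `!`, `<` or `>` level flags), and the facility and level used for the sample messages are assumptions.

```python
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The example configuration from the post above, comments stripped.
CONF = """\
!-hostapd
*.*   /var/log/messages
*.err root
!nginx
*.*   /var/log/nginx.log
!hostapd
*.*   /var/log/hostapd.log
"""

def prog_matches(spec, program):
    """spec is the text after '!': 'prog', '+prog', '-prog', 'a,b' or '*'."""
    if spec == "*":
        return True
    negate = spec.startswith("-")
    names = spec.lstrip("+-").split(",")
    return (program in names) != negate

def selector_matches(selector, facility, level):
    """Handles fac[,fac].[=]level, '*' and 'none'; later ';' parts override."""
    matched = False
    for part in selector.split(";"):
        facs, _, lvl = part.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if lvl == "none":
            matched = False
        elif lvl == "*":
            matched = True
        elif lvl.startswith("="):
            matched = lvl[1:] == level          # exactly this level
        else:
            matched = LEVELS.index(level) <= LEVELS.index(lvl)  # level or higher
    return matched

def route(conf, program, facility, level):
    """Return the destinations a message reaches, in config order."""
    spec, dests = "*", []
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith(("!", "#!")):        # program block header
            spec = line.lstrip("#!").strip()
        elif line and not line.startswith("#"):
            selector, dest = line.split(None, 1)
            if prog_matches(spec, program) and selector_matches(selector, facility, level):
                dests.append(dest)
    return dests
```

Calling `route(CONF, "hostapd", "daemon", "info")` returns only `/var/log/hostapd.log`, while the same call for `nginx` returns both `/var/log/messages` and `/var/log/nginx.log`.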
 
The explanation makes sense and helps me understand better. I've edited /etc/syslog.conf so that the hostapd exclusion is the very first line.

Code:
!-hostapd

cut

Followed by some entries that pertain to /var/log/messages

Code:
kern.=debug                                     /var/log/messages
#*.notice                                       /var/log/messages
daemon.info                                     /var/log/messages

and possibly
Code:
*.emerg                                         *

and then down the bottom
Code:
!hostapd
*.*                                             /var/log/hostapd.log

But yet after restarting hostapd I still see entries like the following in messages
Code:
Nov 23 10:41:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 IEEE 802.11: associated
Nov 23 10:41:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: pairwise key handshake completed (WPA)
Nov 23 10:41:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)

Is reboot necessary in addition to restarting hostapd? Or is it possible these log entries fall into one of those few categories still pointing to /var/log/messages?
 
qsecofr said:
Is reboot necessary in addition to restarting hostapd?
Rebooting is rarely necessary on UN*X systems. But besides hostapd you do also need to restart syslogd for the changes to take effect: # /etc/rc.d/syslogd restart
I had to do that several times trying to find your answer ;)

Fonz
 
I wish it worked as well for me as it worked for you. I restarted both syslogd and hostapd, but still observe the duplication of log messages.

In the end I went through /etc/syslog.conf and commented out line-by-line anything pertaining to /var/log/messages. It seems daemon.info is the guilty party.

Code:
#daemon.info                                    /var/log/messages

Code:
# tail /var/log/hostapd.log
Nov 23 21:25:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)
Nov 23 21:27:20 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 IEEE 802.11: associated
Nov 23 21:27:20 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: pairwise key handshake completed (WPA)
Nov 23 21:27:20 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)
Nov 23 21:28:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 IEEE 802.11: associated
Nov 23 21:28:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: pairwise key handshake completed (WPA)
Nov 23 21:28:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)
Nov 23 21:30:21 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 IEEE 802.11: associated
Nov 23 21:30:21 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: pairwise key handshake completed (WPA)
Nov 23 21:30:21 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)

and

Code:
# tail /var/log/messages
Nov 23 21:21:20 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)
Nov 23 21:22:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 IEEE 802.11: associated
Nov 23 21:22:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: pairwise key handshake completed (WPA)
Nov 23 21:22:50 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)
Nov 23 21:23:33 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 IEEE 802.11: associated
Nov 23 21:23:33 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: pairwise key handshake completed (WPA)
Nov 23 21:23:33 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)
Nov 23 21:24:20 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 IEEE 802.11: associated
Nov 23 21:24:20 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: pairwise key handshake completed (WPA)
Nov 23 21:24:20 hostname hostapd: ral0: STA 20:4e:7f:e4:1a:37 WPA: group key handshake completed (WPA)

But I don't know what impact that may have. What other services use facility daemon and log level info (or greater than)?
 