How do I configure syslog to send everything from a process to daemon.log instead of messages?

So I use sshguard, and it is very chatty, and it is clogging up my main syslog (/var/log/messages). I would like it if it would instead log all of its messages to /var/log/daemon.log, like dhcpd does with its DHCPREQUEST/DHCPACK messages. SSHguard doesn't seem to have any obvious way to control its own logging, so I thought maybe I could control it on the syslogd end.

I added the following lines to /var/log/syslog.conf:
```
!sshguard
*.*                                             /var/log/daemon.log
```
And it is sending the messages to /var/log/daemon.log like I asked. The problem is that it is also still sending the messages to /var/log/messages! How do I get that to stop? Or is there a better way to do this that doesn't involve syslogd?
 
Maybe this will help. Order matters, that being said.

The issue you're experiencing is that syslogd processes rules **in order** and doesn't automatically exclude messages from previous rules just because you've added a new rule for them. Your current configuration sends sshguard messages to `/var/log/daemon.log`, but they're still matching the earlier rule that sends everything to `/var/log/messages`.

Here's the correct way to solve this in FreeBSD's syslogd:

## Solution: Use the `~` (tilde) discard action

Modify your `/etc/syslog.conf` like this:

```syslog
# First, handle sshguard specifically and discard after logging
!sshguard
*.* /var/log/daemon.log
~ # discard sshguard messages

# Then your other rules (including the general messages rule)
!*
*.err;kern.debug;auth.notice;mail.crit /var/log/messages
# ... rest of your existing configuration
```
So use that ~ tilde sign wisely :)
I hope this information helps solve your issue.
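
The behaviour described in the question (the same message landing in both files) can be reproduced with a small model of how program blocks and selectors are evaluated. This is an added example, not code from either poster or from syslogd itself. It is a simplified model (no `none`, no comma lists, no comparison flags), it does not model the `~` action from the answer, and the second config uses the `!-prog` exclusion form from FreeBSD's syslog.conf(5) instead. The sample message's facility and level are assumptions.

```python
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse(conf):
    """Yield (program_filter, selector, path); a '!' line sets the filter for later rules."""
    prog = None                                   # None = rules apply to every program
    for line in (l.strip() for l in conf.splitlines()):
        if line.startswith("!"):
            spec = line[1:].strip()
            if spec == "*":
                prog = None                       # '!*' ends the program block
            elif spec.startswith("-"):
                prog = ("-", spec[1:])            # '!-prog': everything except prog
            else:
                prog = ("+", spec.lstrip("+"))    # '!prog' / '!+prog': only prog
        elif line and not line.startswith("#"):
            selector, path = line.split(None, 1)
            yield prog, selector, path

def selector_matches(selector, facility, level):
    """facility.level matches that level or more severe; '*' is a wildcard."""
    for part in selector.split(";"):
        fac, lvl = part.split(".")
        if fac in ("*", facility) and (lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl)):
            return True
    return False

def destinations(conf, program, facility, level):
    """Every rule is tried; a match in one rule does not suppress any other rule."""
    out = []
    for prog, selector, path in parse(conf):
        if prog and (prog[1] == program) != (prog[0] == "+"):
            continue                              # rule belongs to a block that excludes this program
        if selector_matches(selector, facility, level) and path not in out:
            out.append(path)
    return out

# Constructed configs: the general rule is the one quoted in the answer above.
AS_ASKED = """
*.err;kern.debug;auth.notice;mail.crit /var/log/messages
!sshguard
*.* /var/log/daemon.log
"""
WITH_EXCLUSION = """
!-sshguard
*.err;kern.debug;auth.notice;mail.crit /var/log/messages
!sshguard
*.* /var/log/daemon.log
!*
"""

if __name__ == "__main__":
    # Assumption: sshguard logs at auth.notice (constructed sample message).
    for name, conf in (("as asked", AS_ASKED), ("with !-sshguard", WITH_EXCLUSION)):
        print(name, destinations(conf, "sshguard", "auth", "notice"))
```

On a live system the same check can be made by sending a tagged test message with `logger -t sshguard` after reloading syslogd and seeing which files receive it.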
 