following config rules:
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
ftp.* /var/log/vsftpd.log
First 2 lines mean, log everything to syslog except auth and authpriv, log them to auth.log.
Cron log is disabled by comment, daemon.* is in both syslog and daemon.log.
ftp.* logs to syslog but not to vsftpd.log, why?
what is the "-" prependet to the path?
I read the manpages but could not find information 'bout that.
Best Answer
The
ftp
facility will end up being ignored if your platform does not defineLOG_FTP
. This is probably the reason why -- it's interesting to note thatftp
isn't included as a valid facility in thersyslog.conf
manpage, most likely to avoid having to explain it.Looking at the source code, you can see where this happens in
runtime/srutils.c
:The
-
behavior is a bit nuanced. You'll need three URLs for the complete picture.-
behavior -- Search for "syncing"$ActionFileEnableSync
The short version: as of V3, a
-
prefix by itself specifies if you want a file to be omitted from disk syncing, but this is only meaningful if syncing has been enabled at all with$ActionFileEnableSync on
.It's still useful to include the syntax in your configuration if you operate with a mixed syslog daemon environment and there is a practice of sharing compatible configs between servers.