For me, there were two main problems with FREESCO's /var/messages file. Firstly, the important stuff was logged among a whole bunch of useless (or just really wordy) stuff, and that made it a pain to find things at times. Secondly, the logs are lost when you reboot.
Here's what I did about it.
All you need is tail. I actually built tail from source on my Slackware devel machine and then copied it to FREESCO, but I believe you can get it in dingetje's util package or something like that.
In which package can you find tail?
The key is a shell script (which I have called /usr/bin/logprocess) to which we feed log lines. It searches them for keywords and then writes them to a certain file.
This shell script simply passes any new lines coming into the syslog onto /usr/bin/logprocess.
/usr/bin/logdispatch
#!/bin/sh
/usr/bin/tail -f /var/messages | /usr/bin/logprocess
I used a script because I couldn't figure out how to include a pipe in a fork subcommand, so instead I just forked this shell script.
And now for what to do with all that text!
This is the way I did it:
/usr/bin/logprocess
#!/bin/sh

# Each function appends the current line to a per-type monthly file.
ftp()  { echo "$LINE" >> /boot/log/ftp/$(date +%y%m.log); }
ssh()  { echo "$LINE" >> /boot/log/ssh/$(date +%y%m.log); }
fw()   { echo "$LINE" >> /boot/log/fw/$(date +%y%m.log); }
misc() { echo "$LINE" >> /boot/log/misc/$(date +%y%m.log); }

# Loop on read itself: when tail exits, read fails and the loop ends,
# instead of spinning forever on a closed pipe.
while read LINE; do
    if [ -n "$(echo "$LINE" | grep ftpd)" ]; then
        ftp
    elif [ -n "$(echo "$LINE" | grep sshd)" ]; then
        ssh
    elif [ -n "$(echo "$LINE" | grep fw)" ]; then
        fw
    else
        misc
    fi
done
Obviously you could get the same effect without all the functions, but I wanted the flexibility to further filter each type of log item. For instance, if I'm running a program that generates firewall entries I don't need to record, I can just throw those entries away in the fw function.
$(date +%y%m.log) generates a filename based on the year and month; e.g. in January 2007 the filename 0701.log would be used.
You can adjust all this to suit your needs.
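As an added example (not the script from the post above), here is one way to do the filtering the fw function leaves room for, while matching on the syslog program tag instead of on "fw" anywhere in the line. It assumes /var/messages uses the classic "Mon DD HH:MM:SS host tag[pid]: text" layout; the sample lines and the broadcast-noise pattern are constructed.

```shell
#!/bin/sh
# Added example, not the original post's logprocess. Classifies a syslog line
# by its program tag (field 5, with "[pid]" and ":" stripped) and applies a
# per-category keep/drop filter before appending to the post's file layout.

# classify LINE -> prints ftp, ssh, fw or misc
classify() {
    tag=$(printf '%s\n' "$1" | awk '{ sub(/\[.*/, "", $5); sub(/:$/, "", $5); print $5 }')
    case "$tag" in
        ftpd) echo ftp ;;
        sshd) echo ssh ;;
        fw)   echo fw ;;     # assumes firewall entries are tagged "fw"
        *)    echo misc ;;
    esac
}

# keep_line CATEGORY LINE -> returns 0 to record the line, 1 to discard it.
# The broadcast pattern is a constructed example of noise worth dropping.
keep_line() {
    if [ "$1" = fw ]; then
        case "$2" in
            *"DST=255.255.255.255"*) return 1 ;;
        esac
    fi
    return 0
}

# logfile_for CATEGORY YYMM -> e.g. /boot/log/ftp/0701.log
logfile_for() {
    echo "${LOGROOT:-/boot/log}/$1/$2.log"
}

# dispatch: reads lines from stdin (the tail -f pipe) and ends when it closes.
dispatch() {
    while IFS= read -r line; do
        cat=$(classify "$line")
        keep_line "$cat" "$line" || continue
        printf '%s\n' "$line" >> "$(logfile_for "$cat" "$(date +%y%m)")"
    done
}

# Run the loop only when asked, so the functions can also be sourced/tested.
if [ "$1" = "--run" ]; then
    dispatch
fi
```

Replace the body of logdispatch's pipeline with `logprocess --run` (or drop the guard) to use it in place of the original script.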
Add
fork /usr/bin/logdispatch
to /rc/rc_user's start section.
Make sure the two scripts are executable, for instance by typing
chmod u+x /usr/bin/logdispatch /usr/bin/logprocess
Make sure the directories you have chosen (e.g. /boot/log/ftp etc.) exist. Also ensure that they are preserved across a reboot.