Whitespace fix only. Translators can ignore.

Sponsored by: iXsystems

en_US.ISO8859-1/books/handbook/network-servers/chapter.xml

@@ -5422,130 +5422,131 @@ driftfile /var/db/ntp.drift</programlisting>
 
     <para>Interacting with system logs is a crucial aspect of both
       security and system administration.  Monitoring the log files of
-      multiple hosts can become unwieldy as the number of systems increases.
-      Configuring centralized logging can reduce
-      some of the administrative burden of log file administration.</para>
-      
-    <para>Centralized log file aggregation, merging, and rotation can be configured
-      using &os; native tools, such as
-      &man.syslogd.8; and &man.newsyslog.8;.  This section demonstrates an example
+      multiple hosts can become unwieldy as the number of systems
+      increases.  Configuring centralized logging can reduce some of
+      the administrative burden of log file administration.</para>
+
+    <para>Centralized log file aggregation, merging, and rotation can
+      be configured using &os; native tools, such as &man.syslogd.8;
+      and &man.newsyslog.8;.  This section demonstrates an example
       configuration, where host <systemitem>A</systemitem>, named
       <systemitem
 	class="fqdomainname">logserv.example.com</systemitem>, will
       collect logging information for the local network.  Host
       <systemitem>B</systemitem>, named <systemitem
-	class="fqdomainname">logclient.example.com</systemitem>, will be configured to
-      pass logging information to the logging server.</para>
+	class="fqdomainname">logclient.example.com</systemitem>, will
+      be configured to pass logging information to the logging
+      server.</para>
 
     <sect2>
       <title>Log Server Configuration</title>
 
-      <para>A log server is a system that has been configured to accept logging
-	information from other hosts.  Before configuring a log server, check the following:</para>
+      <para>A log server is a system that has been configured to
+	accept logging information from other hosts.  Before
+	configuring a log server, check the following:</para>
 
       <itemizedlist>
 	<listitem>
 	  <para>If there is a firewall between the logging server and
-	    any logging clients, ensure that the firewall ruleset allows <acronym>UDP</acronym>
-	    port 514 for both the clients and the
-	    server.</para>
+	    any logging clients, ensure that the firewall ruleset
+	    allows <acronym>UDP</acronym> port 514 for both the
+	    clients and the server.</para>
 	</listitem>
 
 	<listitem>
-	  <para>The logging server and all client
-	    machines must have forward and reverse entries in
-      the local <acronym>DNS</acronym>.  If the network does not have 
-      a <acronym>DNS</acronym> server, create entries in each system's
-      <filename>/etc/hosts</filename>.  Proper name resolution is required
-      so that log entries are not rejected by the logging server.</para>
+	  <para>The logging server and all client  machines must have
+	    forward and reverse entries in the local
+	    <acronym>DNS</acronym>.  If the network does not have a
+	    <acronym>DNS</acronym> server, create entries in each
+	    system's <filename>/etc/hosts</filename>.  Proper name
+	    resolution is required so that log entries are not
+	    rejected by the logging server.</para>
 	</listitem>
       </itemizedlist>
 
-      <para>On the log server, edit 
+      <para>On the log server, edit
 	<filename>/etc/syslog.conf</filename> to specify the name of
-	the client to receive log entries from, the logging
-	facility to be used, and the name of the log to store the
-	host's log entries.  This example adds the hostname of
+	the client to receive log entries from, the logging facility
+	to be used, and the name of the log to store the host's log
+	entries.  This example adds the hostname of
 	<systemitem>B</systemitem>, logs all facilities, and stores
-	the log entries in <filename>/var/log/logclient.log</filename>.</para>
+	the log entries in
+	<filename>/var/log/logclient.log</filename>.</para>
 
       <example>
 	<title>Sample Log Server Configuration</title>
 
-      <programlisting>+logclient.example.com
+	<programlisting>+logclient.example.com
 *.*     /var/log/logclient.log</programlisting>
       </example>
 
-	<para>When adding multiple log clients, add a similar two-line entry
-	  for each client.  More information about the available
-	  facilities may be found in
-	  &man.syslog.conf.5;.</para>
+      <para>When adding multiple log clients, add a similar two-line
+	entry for each client.  More information about the available
+	facilities may be found in &man.syslog.conf.5;.</para>
 
       <para>Next, configure <filename>/etc/rc.conf</filename>:</para>
 
       <programlisting>syslogd_enable="YES"
 syslogd_flags="-a logclient.example.com -v -v"</programlisting>
 
-      <para>The first entry starts
-	<application>syslogd</application> at system boot.  The second
-	entry allows log entries from the specified client.
-	The <option>-v -v</option>
-	increases the verbosity of logged messages.  This is
-	useful for tweaking facilities as administrators are
-	able to see what type of messages are being logged under each
-	facility.</para>
+      <para>The first entry starts <application>syslogd</application>
+	at system boot.  The second entry allows log entries from the
+	specified client.  The <option>-v -v</option> increases the
+	verbosity of logged messages.  This is useful for tweaking
+	facilities as administrators are able to see what type of
+	messages are being logged under each facility.</para>
 
       <para>Multiple <option>-a</option> options may be specified to
 	allow logging from multiple clients.  <acronym>IP</acronym>
 	addresses and whole netblocks may also be specified.  Refer to
-	&man.syslogd.8; for a full list of possible
-	options.</para>
+	&man.syslogd.8; for a full list of possible options.</para>
 
       <para>Finally, create the log file:</para>
 
       <screen>&prompt.root; <userinput>touch /var/log/logclient.log</userinput></screen>
 
-      <para>At this point, <application>syslogd</application>
-	should be restarted and verified:</para>
+      <para>At this point, <application>syslogd</application> should
+	be restarted and verified:</para>
 
       <screen>&prompt.root; <userinput>service syslogd restart</userinput>
 &prompt.root; <userinput>pgrep syslog</userinput></screen>
 
       <para>If a <acronym>PID</acronym> is returned, the server
-	restarted successfully, and client configuration can
-	begin.  If the server did not restart, consult
+	restarted successfully, and client configuration can begin.
+	If the server did not restart, consult
 	<filename>/var/log/messages</filename> for the error.</para>
     </sect2>
 
     <sect2>
       <title>Log Client Configuration</title>
 
-      <para>A logging client sends log entries
-	to a logging server on the network.  The client also keeps a local
-	copy of its own logs.</para>
+      <para>A logging client sends log entries to a logging server on
+	the network.  The client also keeps a local copy of its own
+	logs.</para>
 
       <para>Once a logging server has been configured, edit
-	<filename>/etc/rc.conf</filename> on the logging client:</para>
+	<filename>/etc/rc.conf</filename> on the logging
+	client:</para>
 
       <programlisting>syslogd_enable="YES"
 syslogd_flags="-s -v -v"</programlisting>
 
-      <para>The first entry enables
-	<application>syslogd</application> on boot up.  The second entry
-	prevents logs from being accepted by this client from
-	other hosts (<option>-s</option>) and increases
-	the verbosity of logged messages.</para>
+      <para>The first entry enables <application>syslogd</application>
+	on boot up.  The second entry prevents logs from being
+	accepted by this client from other hosts (<option>-s</option>)
+	and increases the verbosity of logged messages.</para>
 
       <para>Next, define the logging server in the client's
 	<filename>/etc/syslog.conf</filename>.  In this example, all
-	logged facilities are sent to a remote system, denoted by 
-	the <literal>@</literal> symbol,
-	with the specified hostname:</para>
+	logged facilities are sent to a remote system, denoted by the
+	<literal>@</literal> symbol, with the specified
+	hostname:</para>
 
       <programlisting>*.*		@logserv.example.com</programlisting>
 
-      <para>After saving the edit, restart <application>syslogd</application>
-	for the changes to take effect:</para>
+      <para>After saving the edit, restart
+	<application>syslogd</application> for the changes to take
+	effect:</para>
 
       <screen>&prompt.root; <userinput>service syslogd restart</userinput></screen>
 
@@ -5557,21 +5558,22 @@ syslogd_flags="-s -v -v"</programlisting>
 
       <para>This message should now exist both in
 	<filename>/var/log/messages</filename> on the client and
-	<filename>/var/log/logclient.log</filename> on the
-	log server.</para>
+	<filename>/var/log/logclient.log</filename> on the log
+	server.</para>
     </sect2>
 
     <sect2>
       <title>Debugging Log Servers</title>
 
-      <para>If no messages are
-	being received on the log server, the cause is most likely a
-	network connectivity issue, a hostname resolution issue, or a typo in a configuration file.
-	To isolate the cause, ensure that both the logging server and the logging client are able to <command>ping</command>
-	each other using the hostname specified in their
+      <para>If no messages are being received on the log server, the
+	cause is most likely a network connectivity issue, a hostname
+	resolution issue, or a typo in a configuration file.  To
+	isolate the cause, ensure that both the logging server and the
+	logging client are able to <command>ping</command> each other
+	using the hostname specified in their
 	<filename>/etc/rc.conf</filename>.  If this fails, check the
-	network cabling, the firewall ruleset, and the hostname entries
-	in the <acronym>DNS</acronym> server or
+	network cabling, the firewall ruleset, and the hostname
+	entries in the <acronym>DNS</acronym> server or
 	<filename>/etc/hosts</filename> on both the logging server and
 	clients.  Repeat until the <command>ping</command> is
 	successful from both hosts.</para>
@@ -5579,11 +5581,13 @@ syslogd_flags="-s -v -v"</programlisting>
       <para>If the <command>ping</command> succeeds on both hosts but
 	log messages are still not being received, temporarily
 	increase logging verbosity to narrow down the configuration
-	issue. In the following example,
-	<filename>/var/log/logclient.log</filename> on the logging server is empty and
-	<filename>/var/log/messages</filename> on the logging client does not indicate a
-	reason for the failure.  To increase debugging output, edit the
-	<literal>syslogd_flags</literal> entry on the logging server and issue a restart:</para>
+	issue.  In the following example,
+	<filename>/var/log/logclient.log</filename> on the logging
+	server is empty and <filename>/var/log/messages</filename> on
+	the logging client does not indicate a reason for the failure.
+	To increase debugging output, edit the
+	<literal>syslogd_flags</literal> entry on the logging server
+	and issue a restart:</para>
 
       <programlisting>syslogd_flags="-d -a logclien.example.com -v -v"</programlisting>
 
@@ -5601,11 +5605,11 @@ cvthname(192.168.1.10)
 validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com;
 rejected in rule 0 due to name mismatch.</screen>
 
-      <para>In this example, the log messages are being rejected due to a
-	typo which results in
-	a hostname mismatch.  The client's hostname should be <literal>logclient</literal>, not
-	<literal>logclien</literal>.  Fix the typo, issue
-	a restart, and verify the results:</para>
+      <para>In this example, the log messages are being rejected due
+	to a typo which results in a hostname mismatch.  The client's
+	hostname should be <literal>logclient</literal>, not
+	<literal>logclien</literal>.  Fix the typo, issue a restart,
+	and verify the results:</para>
 
       <screen>&prompt.root; <userinput>service syslogd restart</userinput>
 logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart
@@ -5629,25 +5633,23 @@ Logging to FILE /var/log/messages</screen>
       <title>Security Considerations</title>
 
       <para>As with any network service, security requirements should
-	be considered before implementing a logging server.
-	Log files may contain sensitive data about services
-	enabled on the local host, user accounts, and configuration
-	data.  Network data sent from the client to the server will
-	not be encrypted or password protected.  If a need for
-	encryption exists, consider using
-	<package>security/stunnel</package>, which
-	will transmit the logging data over an encrypted tunnel.</para>
+	be considered before implementing a logging server.  Log files
+	may contain sensitive data about services enabled on the local
+	host, user accounts, and configuration data.  Network data
+	sent from the client to the server will not be encrypted or
+	password protected.  If a need for encryption exists, consider
+	using <package>security/stunnel</package>, which will transmit
+	the logging data over an encrypted tunnel.</para>
 
       <para>Local security is also an issue.  Log files are not
 	encrypted during use or after log rotation.  Local users may
 	access log files to gain additional insight into system
-	configuration.  Setting proper permissions
-	on log files is critical.  The built-in log rotator, &man.newsyslog.8;,
-	supports setting permissions on newly created and
-	rotated log files.  Setting log files to mode
-	<literal>600</literal> should prevent unwanted access
-	by local users.  Refer to &man.newsyslog.conf.5; for
-	additional information.</para>
+	configuration.  Setting proper permissions on log files is
+	critical.  The built-in log rotator, &man.newsyslog.8;,
+	supports setting permissions on newly created and rotated log
+	files.  Setting log files to mode <literal>600</literal>
+	should prevent unwanted access by local users.  Refer to
+	&man.newsyslog.conf.5; for additional information.</para>
     </sect2>
   </sect1>