5.4.3 mgetty, logging into syslog

If your system has a syslogd and the syslog() C function, mgetty can send parts of its log files to the syslog (For details, see comments in policy.h). Not all the information from the log file is logged here (to avoid clobbering the syslog), just errors and so-called "audit" messages (seen in the log file as lines with "####" at the beginning). These have a fixed format, and could easily be parsed by a program. Let me list a few, and then comment them.

Mar  3 18:36:16 greenie mgetty[673]: failed A_FAIL dev=tty4d, pid=673, caller=none, conn='', name=''
Mar  3 18:41:56 greenie mgetty[1866]: fax dev=tty4d, pid=1866, caller=none, name='', id='49 89 3243328        ', +FHNG=100, pages=1, time=00:00:29 
Mar  3 21:46:56 greenie mgetty[4807]: fax dev=tty4d, pid=4807, caller=none, name='', id='+31 20 6147110       ', +FHNG=000, pages=1, time=00:00:33 
Mar  3 20:45:59 greenie mgetty[4038]: data dev=tty4d, pid=4038, caller=none, conn='38400/V.32  9600/MNP5', name='', cmd='/bin/login', user='mbox'
Mar  3 22:41:43 greenie mgetty[6470]: data dev=tty4c, pid=6470, caller=none, conn='38400/ZyX  16800/V42b', name='', cmd='/usr/lib/uucp/uucico', user='Uartinet'

Those five lines are one failed call, two fax calls, one of them failed and one successful, and two data calls, one of a human caller, loggin into the BBS system, and one of a calling uucico.

It looks very confusing until you understand the system behind it. The first fields specify date and time, originating host (greenie is my machine) and program (mgetty). The next field specifies the type of the connection made: ‘fax’, ‘data’ or ‘failed’ - the latter one usually means failure to initialize the modem or failure to connect to a calling modem, resulting in the well-known ‘NO CARRIER’ message...

The ‘dev’ and ‘pid’ fields specify the line and process ID of the mgetty process writing that line.

The ‘caller’ and ‘name’ fields give caller ID information - if none is available (as it is here in Germany), or if your modem doesn’t handle it, it will list ‘none’ and ‘''’, respectively.

For fax calls, additional informations given are the remote station ID (‘id='…'’), the hangup code (‘+FHNG=…’, 0 means "ok"), the number of pages and the connection time.

For data calls, the string that the modem returned after ‘CONNECT’ is listed as ‘conn='…'’. The string that was entered at the login prompt is listed as ‘user='…'’, and the program that is called to do the login is given as ‘cmd='…'’. Usually this will be /bin/login unless you have some special system setup for fido or uucp callers - as I have here, as you can see above.