[syslog-ng]Eliminating certain keyword from the "all" directi
ve?
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
HamiltonA@hq.5sigcmd.army.mil
Wed, 25 Jul 2001 06:55:03 +0200
Stephen,
Sure there's a way. Syslog-ng is a full service application after all. You
want to set up a destination and a filter:
destination mail { file("/var/adm/maillogs"); };
filter f_mail { facility(mail); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(DEFAULT); destination(all); };
The DEFAULT is a macro that will basically log everything that hasn't
already been logged. If you just didn't want your mail logs just set the
file to /dev/null or something. There are probably other ways to do this
but this seems the most straight forward to me.
Regards,
DRew
-----Original Message-----
From: Stephen C Burns [mailto:sburns@farpointer.net]
Sent: Tuesday, July 24, 2001 9:42 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Eliminating certain keyword from the "all"
directive?
Hi all,
I have a question regarding the redirection of certain log messages to
files. I currently have the "all" directive sending every syslog
message into /var/log/messages, via:
destination all {
file("/var/log/messages");
};
And that is great, except I don't want my mail messages getting sent
into the messages file as well as this takes up a lot of space.
So I basically need some way to say "send all messages except for mail
messages into /var/log/messages"
Is there such a way? Thank you for any help!!
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng