[syslog-ng] log smtp mail messages to a specific file

Patrick H. syslogng at feystorm.net
Tue Jun 1 21:52:30 CEST 2010


Ya, that's fine. The only change I'd make is instead of

log { source(src); filter(notmail); destination(messages); };
log { source(src); filter(notmail); destination(console_all); };

do

log { source(src); filter(notmail); destination(messages); destination(console_all); };

That way it doesn't have to apply the filter three times, only twice. You 
could optimize it even further with the fallback flag, but unless you've 
got a really high volume of messages, you could probably just leave it 
as is.




Sent: Tuesday, June 01, 2010 1:10:24 PM
From: Thanasis <thanasis at asyr.hopto.org>
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] log smtp mail messages to a specific file
> Postfix messages were logged in /var/log/messages.
> Here is how syslog-ng.conf was (before my changes):
> ----------------------------------------------------
> # cat /etc/syslog-ng/syslog-ng.conf.orig
> @version: 3.0
> # $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
> #
> # Syslog-ng default configuration file for Gentoo Linux
>
> options {
>     chain_hostnames(no);
>
>     # The default action of syslog-ng is to log a STATS line
>     # to the file every 10 minutes.  That's pretty ugly after a while.
>     # Change it to every 12 hours so you get a nice daily update of
>     # how many messages syslog-ng missed (0).
>     stats_freq(43200);
> };
>
> source src {
>     unix-stream("/dev/log" max-connections(256));
>     internal();
>     file("/proc/kmsg");
> };
>
> destination messages { file("/var/log/messages"); };
>
> # By default messages are logged to tty12...
> destination console_all { file("/dev/tty12"); };
> # ...if you intend to use /dev/console for programs like xconsole
> # you can comment out the destination line above that references /dev/tty12
> # and uncomment the line below.
> #destination console_all { file("/dev/console"); };
>
> log { source(src); destination(messages); };
> log { source(src); destination(console_all); };
>
> -------------------------------------------------
>
> I wanted to log postfix messages to a new file: /var/log/mail.log
> I changed /etc/syslog-ng/syslog-ng.conf like so:
>
> # diff syslog-ng.conf.orig syslog-ng.conf
> 15a16,23
>   
>> filter mail {
>>     facility(mail);
>> };
>>
>> filter notmail {
>>     not facility(mail);
>> };
>>
>>     
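Review bot: `notmail` in this hunk repeats the `facility(mail)` test with `not` in front, so the two filters have to be kept in sync by hand. Defining it as `filter notmail { not filter(mail); };` keeps it the exact complement of `mail` if that filter is ever changed.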
> 22a31
>   
>> destination mail { file("/var/log/mail.log"); };
>>     
> 31,32c40,42
> < log { source(src); destination(messages); };
> < log { source(src); destination(console_all); };
> ---
>   
>> log { source(src); filter(mail); destination(mail); };
>> log { source(src); filter(notmail); destination(messages); };
>> log { source(src); filter(notmail); destination(console_all); };
>>     
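Review bot: the last two statements of this hunk differ only in their destination, so `filter(notmail)` is evaluated twice for every message from `src`. A single statement listing both `destination(messages);` and `destination(console_all);` routes the same messages with one evaluation.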
> ----------------------------------------------------------------------
>
> It worked, or at least I think so, by looking at both /var/log/messages
> and /var/log/mail.log.
>
> So, my questions are:
> 1) Are my edits OK? Did I do anything wrong?
> 2) Should I have configured it otherwise, perhaps more efficiently?
>
> Thanks.
> Thanasis
>
>   
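The fallback variant mentioned in the reply, written out as an added example (it is not part of the original thread). It reuses the `src`, `mail`, `messages` and `console_all` names from the quoted configuration and assumes the `source` and the other `destination` definitions stay as they are there.

```conf
# Added example: log paths rewritten with flags(fallback).
# Object names come from the quoted syslog-ng.conf.

filter mail { facility(mail); };

destination mail { file("/var/log/mail.log"); };

# Mail-facility messages match this path and are written to mail.log.
log { source(src); filter(mail); destination(mail); };

# A fallback path only receives messages from src that no
# non-fallback path matched, i.e. everything that failed filter(mail).
# The notmail filter is no longer needed, so each message is tested
# against one filter instead of three.
log {
    source(src);
    destination(messages);
    destination(console_all);
    flags(fallback);
};
```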