<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3492" name=GENERATOR></HEAD>
<BODY>
<DIV>
<DIV dir=ltr align=left><SPAN class=753250413-05022009><FONT face=Arial><FONT
color=#0000ff><FONT size=2><SPAN class=659440913-05022009>You may want to
make your filter more specific (e.g. add a facility or severity)
because otherwise all messages from all sources that happen to have the string
"HISTORY" in them anywhere will get sent to your new log file and
nowhere else.</SPAN></FONT></FONT></FONT></SPAN></DIV>
<DIV dir=ltr align=left>
<HR tabIndex=-1>
</DIV>
<DIV dir=ltr align=left><FONT face=Tahoma size=2><B>From:</B>
syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu]
<B>On Behalf Of </B>Fegan, Joe<BR><B>Sent:</B> 05 February 2009
13:06<BR><B>To:</B> Syslog-ng users' and developers' mailing
list<BR><B>Subject:</B> Re: [syslog-ng] syslog-ng +bash
history<BR></FONT><BR></DIV></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=753250413-05022009><FONT face=Arial
color=#0000ff size=2>Move the history log path to the top of the list and
add flags(final) to it.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=753250413-05022009><FONT face=Arial
color=#0000ff size=2>That flag means "if you follow this path don't follow any
others".</FONT></SPAN></DIV><BR>
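<DIV dir=ltr align=left>The advice from the two replies above, combined into one configuration fragment. This is an added example, not part of the original messages; the facility and severity values and the names d_history and f_history_strict are assumptions to adapt to how the shell history entries actually arrive.
<PRE>
```conf
# Added example (not from the thread). Assumptions: history entries arrive on
# /dev/log with facility "user", severity "info" and the text "HISTORY";
# d_history and f_history_strict are illustrative names.

source src { unix-stream("/dev/log"); internal(); };

destination d_history { file("/var/log/history.log"); };
destination syslog    { file("/var/log/syslog"); };
destination debug     { file("/var/log/debug"); };
destination messages  { file("/var/log/messages"); };

# Narrow filter: matching on the string alone would also capture any other
# program's message that happens to contain "HISTORY", and with flags(final)
# that message would then reach no other file.
filter f_history_strict {
    facility(user) and level(info) and match("HISTORY");
};

filter f_syslog   { not facility(authpriv, mail); };
filter f_debug    { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
                    and not facility(auth, authpriv, mail, news); };

# 1. History path first, with flags(final): a message that matches here is
#    not processed by any log statement that appears later in the file.
log { source(src); filter(f_history_strict); destination(d_history); flags(final); };

# 2. The general-purpose paths follow. Their filters would still match a
#    history entry, but such entries no longer get this far.
log { source(src); filter(f_syslog);   destination(syslog); };
log { source(src); filter(f_debug);    destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
```
</PRE>
flags(final) only affects log statements that come after it, so any matching statement placed above the history path would still receive the entries.</DIV>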
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> syslog-ng-bounces@lists.balabit.hu
[mailto:syslog-ng-bounces@lists.balabit.hu] <B>On Behalf Of </B>Marcin
Niskiewicz<BR><B>Sent:</B> 05 February 2009 12:14<BR><B>To:</B>
syslog-ng@lists.balabit.hu<BR><B>Subject:</B> [syslog-ng] syslog-ng +bash
history<BR></FONT><BR></DIV>
<DIV></DIV>Hello <BR>Everything that is written by users on console (my system
is Gentoo) is logged in 3 different files (debug, syslog, messages) ... <BR>I'd
like to route all history logs to one file only... <BR>I made a filter and it
works fine (it writes history to history.log) but still it writes it to those 3
files (debug, syslog, messages) as well ...<BR>So now everything I type
is written to 4 files (debug, syslog, messages and history.log) ...<BR><BR>Is
there a possibility to configure syslog-ng to log history only to one file (for
example history.log) and leave other files clean? <BR><BR>Best
regards<BR>nichu<BR><BR>My standard configuration (with my modification to
route history to history.log) looks like this:<BR><BR><BR># Copyright 2005
Gentoo Foundation<BR># Distributed under the terms of the GNU General Public
License v2<BR># $Header:
/var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v
1.5 2007/10/30 17:16:15 solar Exp $<BR><BR>#<BR># Syslog-ng configuration file,
compatible with default hardened installations.<BR>#<BR><BR>options
{<BR>
chain_hostnames(off);<BR>
sync(0);<BR>
stats(43200);<BR>};<BR><BR>source src { unix-stream("/dev/log"); internal();
};<BR>source kernsrc { file("/proc/kmsg"); };<BR><BR>destination authlog {
file("/var/log/auth.log"); };<BR>destination syslog { file("/var/log/syslog");
};<BR>destination cron { file("/var/log/cron.log"); };<BR>destination daemon {
file("/var/log/daemon.log"); };<BR>destination kern { file("/var/log/kern.log");
file("/dev/tty12"); };<BR>destination lpr { file("/var/log/lpr.log");
};<BR>destination user { file("/var/log/user.log"); };<BR>destination uucp {
file("/var/log/uucp.log"); };<BR>destination mail {
file("/var/log/mail/mail.log"); };<BR><BR>destination avc {
file("/var/log/avc.log"); };<BR>destination audit { file("/var/log/audit.log");
};<BR>destination pax { file("/var/log/pax.log"); };<BR>destination grsec {
file("/var/log/grsec.log"); };<BR>destination historia {
file("/var/log/history.log"); };<BR><BR>destination mailinfo {
file("/var/log/mail/mail.info");
};<BR>destination mailwarn { file("/var/log/mail/mail.warn"); };<BR>destination
mailerr { file("/var/log/mail/mail.err"); };<BR><BR>destination newscrit {
file("/var/log/news/news.crit"); };<BR>destination newserr {
file("/var/log/news/news.err"); };<BR>destination newsnotice {
file("/var/log/news/news.notice"); };<BR><BR>destination debug {
file("/var/log/debug"); };<BR>destination messages { file("/var/log/messages");
};<BR>destination console { usertty("root"); };<BR>destination console_all {
file("/dev/tty12"); };<BR><BR>destination xconsole { pipe("/dev/xconsole");
};<BR><BR>filter f_auth { facility(auth); };<BR>filter f_authpriv {
facility(auth, authpriv); };<BR>filter f_syslog { not facility(authpriv, mail);
};<BR>filter f_cron { facility(cron); };<BR>filter f_daemon { facility(daemon);
};<BR>filter f_kern { facility(kern); };<BR>filter f_lpr { facility(lpr);
};<BR>filter f_mail { facility(mail); };<BR>filter f_user { facility(user);
};<BR>filter f_uucp { facility(uucp); };<BR>filter f_debug { not facility(auth,
authpriv, news, mail); };<BR>filter f_messages {
level(info..warn)<BR> and not
facility(auth, authpriv, mail, news); };<BR>filter f_emergency { level(emerg);
};<BR><BR>filter f_info { level(info); };<BR><BR>filter f_notice {
level(notice); };<BR>filter f_warn { level(warn); };<BR>filter f_crit {
level(crit); };<BR>filter f_err { level(err); };<BR><BR>filter f_avc {
match(".*avc: .*"); };<BR>filter f_audit { match("^audit.*") and not
match(".*avc: .*"); };<BR>filter f_pax { match("^PAX:.*"); };<BR>filter f_grsec
{ match("^grsec:.*"); };<BR>filter f_history { match(".*HISTORY*");
};<BR><BR>log { source(src); filter(f_authpriv); destination(authlog); };<BR>log
{ source(src); filter(f_syslog); destination(syslog); };<BR>log { source(src);
filter(f_cron); destination(cron); };<BR>log { source(src); filter(f_daemon);
destination(daemon); };<BR>log { source(kernsrc); filter(f_kern);
destination(kern); };<BR>log { source(src); filter(f_lpr); destination(lpr);
};<BR>log { source(src); filter(f_mail); destination(mail); };<BR>log {
source(src); filter(f_user); destination(user); };<BR>log { source(src);
filter(f_history); destination(historia); };<BR>log { source(src);
filter(f_mail); filter(f_info); destination(mailinfo); };<BR>log { source(src);
filter(f_mail); filter(f_warn); destination(mailwarn); };<BR>log { source(src);
filter(f_mail); filter(f_err); destination(mailerr); };<BR>log { source(src);
filter(f_debug); destination(debug); };<BR>log { source(src);
filter(f_messages); destination(messages); };<BR>log { source(src);
filter(f_emergency); destination(console); }; </BODY></HTML>