<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3492" name=GENERATOR></HEAD>
<BODY>
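<DIV dir=ltr align=left><SPAN class=753250413-05022009><FONT face=Arial
color=#0000ff size=2>Move the history log path (the log statement that uses
filter(f_history)) to the top of the list of log statements and add flags(final)
to it, for example: log { source(src); filter(f_history); destination(historia);
flags(final); }; Note that destination() must name a destination that is
actually defined: the configuration below defines "historia" but its log
statement refers to "history".</FONT></SPAN></DIV>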
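<DIV dir=ltr align=left><SPAN class=753250413-05022009><FONT face=Arial
color=#0000ff size=2>That flag means "if a message follows this path, don't pass
it to any later log paths". Log paths are evaluated in the order they appear in
the configuration, so paths listed before this one would still receive the
message, which is why it has to come first.</FONT></SPAN></DIV><BR>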
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> syslog-ng-bounces@lists.balabit.hu
[mailto:syslog-ng-bounces@lists.balabit.hu] <B>On Behalf Of </B>Marcin
Niskiewicz<BR><B>Sent:</B> 05 February 2009 12:14<BR><B>To:</B>
syslog-ng@lists.balabit.hu<BR><B>Subject:</B> [syslog-ng] syslog-ng +bash
history<BR></FONT><BR></DIV>
<DIV></DIV>Hello, <BR>Everything that users type on the console (my system
is Gentoo) is logged to 3 different files (debug, syslog, messages) ... <BR>I'd
like to route all history logs to one file only... <BR>I made a filter and it
works fine (it writes history to history.log), but the history is still written
to those 3 files (debug, syslog, messages) as well ...<BR>so now everything I type
is written to 4 files (debug, syslog, messages and history.log) ...<BR><BR>Is
there a way to configure syslog-ng to log history to only one file (for
example history.log) and keep the other files clean? <BR><BR>best
regards<BR>nichu<BR><BR>My standard configuration (with my modification to
route history to history.log) looks like this:<BR><BR><BR># Copyright 2005
Gentoo Foundation<BR># Distributed under the terms of the GNU General Public
License v2<BR># $Header:
/var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v
1.5 2007/10/30 17:16:15 solar Exp $<BR><BR>#<BR># Syslog-ng configuration file,
compatible with default hardened installations.<BR>#<BR><BR>options
{<BR>
chain_hostnames(off);<BR>
sync(0);<BR>
stats(43200);<BR>};<BR><BR>source src { unix-stream("/dev/log"); internal();
};<BR>source kernsrc { file("/proc/kmsg"); };<BR><BR>destination authlog {
file("/var/log/auth.log"); };<BR>destination syslog { file("/var/log/syslog");
};<BR>destination cron { file("/var/log/cron.log"); };<BR>destination daemon {
file("/var/log/daemon.log"); };<BR>destination kern { file("/var/log/kern.log");
file("/dev/tty12"); };<BR>destination lpr { file("/var/log/lpr.log");
};<BR>destination user { file("/var/log/user.log"); };<BR>destination uucp {
file("/var/log/uucp.log"); };<BR>destination mail {
file("/var/log/mail/mail.log"); };<BR><BR>destination avc {
file("/var/log/avc.log"); };<BR>destination audit { file("/var/log/audit.log");
};<BR>destination pax { file("/var/log/pax.log"); };<BR>destination grsec {
file("/var/log/grsec.log"); };<BR>destination historia {
file("/var/log/history.log"); };<BR><BR>destination mailinfo {
file("/var/log/mail/mail.info");
};<BR>destination mailwarn { file("/var/log/mail/mail.warn"); };<BR>destination
mailerr { file("/var/log/mail/mail.err"); };<BR><BR>destination newscrit {
file("/var/log/news/news.crit"); };<BR>destination newserr {
file("/var/log/news/news.err"); };<BR>destination newsnotice {
file("/var/log/news/news.notice"); };<BR><BR>destination debug {
file("/var/log/debug"); };<BR>destination messages { file("/var/log/messages");
};<BR>destination console { usertty("root"); };<BR>destination console_all {
file("/dev/tty12"); };<BR><BR>destination xconsole { pipe("/dev/xconsole");
};<BR><BR>filter f_auth { facility(auth); };<BR>filter f_authpriv {
facility(auth, authpriv); };<BR>filter f_syslog { not facility(authpriv, mail);
};<BR>filter f_cron { facility(cron); };<BR>filter f_daemon { facility(daemon);
};<BR>filter f_kern { facility(kern); };<BR>filter f_lpr { facility(lpr);
};<BR>filter f_mail { facility(mail); };<BR>filter f_user { facility(user);
};<BR>filter f_uucp { facility(uucp); };<BR>filter f_debug { not facility(auth,
authpriv, news, mail); };<BR>filter f_messages {
level(info..warn)<BR> and not
facility(auth, authpriv, mail, news); };<BR>filter f_emergency { level(emerg);
};<BR><BR>filter f_info { level(info); };<BR><BR>filter f_notice {
level(notice); };<BR>filter f_warn { level(warn); };<BR>filter f_crit {
level(crit); };<BR>filter f_err { level(err); };<BR><BR>filter f_avc {
match(".*avc: .*"); };<BR>filter f_audit { match("^audit.*") and not
match(".*avc: .*"); };<BR>filter f_pax { match("^PAX:.*"); };<BR>filter f_grsec
{ match("^grsec:.*"); };<BR>filter f_history { match(".*HISTORY*");
};<BR><BR>log { source(src); filter(f_authpriv); destination(authlog); };<BR>log
{ source(src); filter(f_syslog); destination(syslog); };<BR>log { source(src);
filter(f_cron); destination(cron); };<BR>log { source(src); filter(f_daemon);
destination(daemon); };<BR>log { source(kernsrc); filter(f_kern);
destination(kern); };<BR>log { source(src); filter(f_lpr); destination(lpr);
};<BR>log { source(src); filter(f_mail); destination(mail); };<BR>log {
source(src); filter(f_user); destination(user); };<BR>log { source(src);
filter(f_history); destination(history); };<BR>log { source(src);
filter(f_mail); filter(f_info); destination(mailinfo); };<BR>log { source(src);
filter(f_mail); filter(f_warn); destination(mailwarn); };<BR>log { source(src);
filter(f_mail); filter(f_err); destination(mailerr); };<BR>log { source(src);
filter(f_debug); destination(debug); };<BR>log { source(src);
filter(f_messages); destination(messages); };<BR>log { source(src);
filter(f_emergency); destination(console); }; </BODY></HTML>