<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#0050d0">
<font size="-1"><font face="Helvetica, Arial, sans-serif">Ya, thats
fine. The only change I'd make is instead of<br>
</font></font>
<pre wrap="">log { source(src); filter(notmail); destination(messages); };
<span class="moz-txt-citetags"></span>log { source(src); filter(notmail); destination(console_all); };</pre>
<font size="-1"><font face="Helvetica, Arial, sans-serif">do<br>
</font></font>
<pre wrap="">log { source(src); filter(notmail); destination(messages); destination(console_all); };
</pre>
<font size="-1"><font face="Helvetica, Arial, sans-serif">That way it
doesnt have to apply the filter three times, only twice. You could
optimize it even further with the fallback flag, but unless you've got
a really high volume of messages, you could probably just leave it as
is.<br>
<br>
<br>
<br>
</font></font><br>
Sent: Tuesday, June 01, 2010 1:10:24 PM<br>
From: Thanasis <a class="moz-txt-link-rfc2396E" href="mailto:thanasis@asyr.hopto.org"><thanasis@asyr.hopto.org></a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a> <br>
Subject: [syslog-ng] log smtp mail messages to a specific file
<blockquote cite="mid:4C055B20.70004@asyr.hopto.org" type="cite">
<pre wrap="">Postfix messages were logged in /var/log/messages.
Here is how syslog-ng.conf was (before my changes):
----------------------------------------------------
# cat /etc/syslog-ng/syslog-ng.conf.orig
@version: 3.0
# $Header:
/var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v
1.1 2010/04/06 02:11:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};
destination messages { file("/var/log/messages"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
-------------------------------------------------
I wanted to log postfix messages to a new file: /var/log/mail.log
I changed /etc/syslog-ng/syslog-ng.conf like so:
# diff syslog-ng.conf.orig syslog-ng.conf
15a16,23
</pre>
<blockquote type="cite">
<pre wrap="">filter mail {
facility(mail);
};
filter notmail {
not facility(mail);
};
</pre>
</blockquote>
<pre wrap=""><!---->22a31
</pre>
<blockquote type="cite">
<pre wrap="">destination mail { file("/var/log/mail.log"); };
</pre>
</blockquote>
<pre wrap=""><!---->31,32c40,42
< log { source(src); destination(messages); };
< log { source(src); destination(console_all); };
---
</pre>
<blockquote type="cite">
<pre wrap="">log { source(src); filter(mail); destination(mail); };
log { source(src); filter(notmail); destination(messages); };
log { source(src); filter(notmail); destination(console_all); };
</pre>
</blockquote>
<pre wrap=""><!---->----------------------------------------------------------------------
It worked, or at least I think so, by looking at both /var/log/messages
and /var/log/mail.log.
So ,my questions are:
1) Are my edits OK? Did I do anything wrong?
2) Should I have configured it otherwise, perhaps more efficiently?
Thanks.
Thanasis
______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a>
</pre>
</blockquote>
</body>
</html>