<div dir="ltr"><div>Hi,</div><div><br></div><div>I have the following part of syslog configuration:</div><div><br></div><div><span style="font-family:monospace">destination d_localfile_kernel {<br> file("/var/log/kernel.log"<br> flags(syslog-protocol)<br> );<br>};<br>filter f_localfile_kernel_kern {<br> facility(kern) and level(info .. emerg);<br>};<br>filter f_localfile_kernel {<br> filter(f_localfile_kernel_kern);<br>};<br>log {<br> source(s_src);<br> filter(f_localfile_kernel);<br> destination(d_localfile_kernel);<br> flags(flow-control);<br>};</span></div><div><br></div><div>And I see in my kernel.log file:</div><div>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T18:35:28+00:00 localhost - - - [meta sequenceId="1"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T18:55:28+00:00 localhost - - - [meta sequenceId="2"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T19:15:28+00:00 localhost - - - [meta sequenceId="3"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T19:35:28+00:00 localhost - - - [meta sequenceId="4"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T19:55:28+00:00 localhost - - - [meta sequenceId="5"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T20:15:28+00:00 localhost - - - [meta sequenceId="6"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T20:35:28+00:00 localhost - - - [meta sequenceId="7"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T20:55:28+00:00 localhost - - - [meta sequenceId="8"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><span style="font-size:10pt;font-family:Consolas">&lt;46&gt;1 2020-03-18T21:15:28+00:00 localhost - - - [meta sequenceId="9"] -- MARK --</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><br></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif">I was not expecting to see syslog facility messages coming out, since I am filtering by kernel facility.</p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><br></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif">Is this expected behavior?</p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif"><br></p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif">Thanks &amp; regards,</p>
<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:&quot;Calibri&quot;,sans-serif">Alex</p>
</div></div>
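As an added example (not part of the original message), the script below parses records in the RFC 5424 layout that `flags(syslog-protocol)` writes, decodes each PRI value as facility*8 + severity, and reports every record that falls outside `facility(kern) and level(info .. emerg)`; PRI 46 decodes to facility syslog (5), severity info (6). The names `decode_pri`, `audit` and `SAMPLE`, the short labels for facilities 12 to 15, and the third sample record are assumptions made for this example.

```python
import re

# RFC 5424 facility codes 0..23; the short labels for 12..15 are this example's own.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert",
              "clock"] + [f"local{i}" for i in range(8)]
# Severity codes 0..7: a lower code means a more urgent message.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# "<PRI>VERSION TIMESTAMP HOSTNAME rest" header of an RFC 5424 record.
HEADER = re.compile(r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (.*)$")


def decode_pri(pri):
    """Split a PRI value into (facility, severity) names."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def audit(lines, facility="kern", lowest="info", highest="emerg"):
    """Return (line_no, facility, severity, timestamp) for records outside the filter."""
    # info..emerg corresponds to the numeric severity range 0..6.
    lo, hi = SEVERITIES.index(highest), SEVERITIES.index(lowest)
    unexpected = []
    for no, line in enumerate(lines, 1):
        m = HEADER.match(line.strip())
        if not m:
            unexpected.append((no, None, None, None))  # not an RFC 5424 record
            continue
        fac, sev = decode_pri(int(m.group(1)))
        if fac != facility or not lo <= SEVERITIES.index(sev) <= hi:
            unexpected.append((no, fac, sev, m.group(3)))
    return unexpected


# The first two records come from the post; the third is a constructed kernel record.
SAMPLE = [
    '<46>1 2020-03-18T18:35:28+00:00 localhost - - - [meta sequenceId="1"] -- MARK --',
    '<46>1 2020-03-18T18:55:28+00:00 localhost - - - [meta sequenceId="2"] -- MARK --',
    '<6>1 2020-03-18T18:56:02+00:00 localhost kernel - - - constructed sample message',
]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print(hit)
```
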