William Yodlowsky on Mon, Dec 18, 2000 at 11:34:34PM -0500:
On Mon, Dec 18, 2000 at 05:09:20PM -0600, Matt Mencel wrote:
Hi,
I am recieving web and ftp logs from another machine on my central logging machine. Syslog-ng prepends the logs with a bunch of information that I don't need and it prevents Analog and Webalizer from parsing the logs correctly. Is there a way to tell syslog-ng not to prepend this information to certain logs? Thanks.
the main reason why you have replaced your original syslog are advanced filtering capabilities .. use them :) Look at the example configuration files that came with your source tarball, RTFM (one of the not so advanced features of syslog-ng ;)), or try something like: source s_ftplog { udp (ip(a.b.c.d) port(514)); destination d_ftplog { file ("/log/$HOST/the_log_you_are_checking") filter f_ftplog { program ("ftpd") and not match ("bunch of information"); } log { source(s_ftplog); filter(f_ftplog); destination(d_ftplog); };
Can you not prepend our mailboxes with 4 copies of the same message? Thanks.
BTW, I seem to get almost every message twice, and since I got this one 4 times as well, I guess other people have the same problem? I did not subscribe multiple times, in case anybody wonders :) Greetings, Gregor. -- Gregor Binder <gbinder@sysfive.com> http://www.sysfive.com/~gbinder/ sysfive.com GmbH UNIX. Networking. Security. Applications. Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482