On Tuesday 01 June 2010 21:10:24 Thanasis wrote:
Postfix messages were logged in /var/log/messages.
[snip]
I wanted to log postfix messages to a new file: /var/log/mail.log I changed /etc/syslog-ng/syslog-ng.conf like so:
# diff syslog-ng.conf.orig syslog-ng.conf 15a16,23
filter mail {
facility(mail);
};
filter notmail {
not facility(mail);
};
22a31
destination mail { file("/var/log/mail.log"); };
31,32c40,42 < log { source(src); destination(messages); }; < log { source(src); destination(console_all); }; ---
log { source(src); filter(mail); destination(mail); }; log { source(src); filter(notmail); destination(messages); }; log { source(src); filter(notmail); destination(console_all); };
----------------------------------------------------------------------
It worked, or at least I think so, by looking at both /var/log/messages and /var/log/mail.log.
So ,my questions are: 1) Are my edits OK? Did I do anything wrong? 2) Should I have configured it otherwise, perhaps more efficiently?
Hi, Your edits are fine, that will work. It gets complex, but that is unavoidable. Your method has the advantage that you can re-arrange the order of your config stanzas and the end result will be the same. There is a slightly more efficient way, and that is to use the "final" option in your mail log statement and leave everything else as it was, with the messages log statement at the end. Processing stops when a final is reached, meaning that mail logs will never reach the config that sends them to messages. I don't recommend this route for your case though, as: - The order of log statements becomes critical, so not only do you have to specify your filters correctly, you also have to *place* them correctly too. - Other people maintaining your config have to know you did this and take it into account. There are few things more annoying than being forced to understand the whole thing completely to just modify one part of it - You *will* forget you did this! (ask me how I know this....) and you will break stuff. A mistake in a config means lost logs. Lost logs means you never get them back... There are cases where "final" is appropriate (I use it myself) but it has to be used carefully and with caution -- Alan McKinnon Systems Engineer^W Technician Infrastructure Services Internet Solutions +27 11 575 7585 Please note: This email and its content are subject to the disclaimer as displayed at the following link http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm. Should you not have Web access, send a mail to disclaimers@is.co.za and a copy will be emailed to you.