On Thu, Sep 25, 2014 at 11:31 AM, Pál, László <vlad@vlad.hu> wrote:
You need both logpath. One is filtering out and other collecting remaining. Also the order of log statement is important
Vlad, thank you for your reply. I followed your tips but syslog-ng still logging... What I miss in the config? The actual is: # cat /etc/syslog-ng/syslog-ng.conf @version:3.2 options { check_hostname(yes); keep_hostname(yes); stats_freq(0); chain_hostnames(no); }; source inputs { internal(); unix-stream("/dev/log"); udp(); tcp(max_connections(100)); }; destination logpile { file("/logs/$HOST/$YEAR/$MONTH/$DAY/$FACILITY" owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700)); }; filter vmware_filter { match("Section for VMware ESX" value ("MESSAGE")); }; log { source(inputs); filter(vmware_filter); flags(final); }; log { source(inputs); destination(logpile); }; Thanks, -f