Jules--

This is going to be MTA specific. I.e., depending on what you're running and what your requirements are, it's possible to have one MTA process accept and queue the mail, and another one that sends/delivers the mail. If this is the case, it may be possible for the MTA to have different syslog facilities/priorities for each of these processes. Again, this is going to be MTA specific.

The other option is to regex out the lines you want to be separated. So for example [off the top of my head-- you can try something like this (which I haven't tested)] on sendmail, only logging inbound accepted messages and outbound attempts (some errors will not be picked up by these regexes):

    # inbound: messages accepted by the MTA daemon
    filter f_mailin { facility(mail) and match("daemon=MTA"); };
    # outbound: delivery attempts through the esmtp mailer
    filter f_mailout { facility(mail) and match("mailer=esmtp"); };

    destination maillogin { file("/var/log/maillog.in" perm(0644)); };
    destination maillogout { file("/var/log/maillog.out" perm(0644)); };

    log { source(local); filter(f_mailin); destination(maillogin); };
    log { source(local); filter(f_mailout); destination(maillogout); };

On Mon, 10 Jan 2005 17:11:07 +0000, JulesF <julesf@the4.co.uk> wrote:
How would I go about splitting the maillog to show both inbound and outbound services in different files; what amendments need to be made to syslog-ng.conf?
The current maillog entry:
destination d_mail { file("/var/log/maillog"); };
Thanks. J
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
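Added example, not part of the original thread: a dry run of the two match() patterns from the reply over sample sendmail lines, showing which mail lines end up in neither file (the "some errors will not be picked up" case). The log records are constructed, and the names route, split and SAMPLE are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# One entry per log statement in the reply: destination file -> match() regex.
FILTERS = {
    "/var/log/maillog.in": re.compile(r"daemon=MTA"),
    "/var/log/maillog.out": re.compile(r"mailer=esmtp"),
}

# Constructed sample records as (facility, message); not from a real host.
SAMPLE = [
    ("mail", "sendmail[2101]: j0AH2B002101: from=<alice@example.org>, size=1843, "
             "nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.10]"),
    ("mail", "sendmail[2103]: j0AH2B002101: to=<bob@example.net>, delay=00:00:01, "
             "mailer=esmtp, relay=mx.example.net. [198.51.100.7], stat=Sent (ok)"),
    ("mail", "sendmail[2107]: j0AH2F002107: ruleset=check_rcpt, arg1=<x@example.com>, "
             "relay=[203.0.113.5], reject=550 5.7.1 <x@example.com>... Relaying denied"),
    ("mail", "sendmail[2110]: j0AH2K002110: to=<carol>, delay=00:00:00, "
             "mailer=local, dsn=2.0.0, stat=Sent"),
    ("authpriv", "sshd[311]: Accepted publickey for ops from 192.0.2.44"),
]

def route(facility, message):
    """Return every destination whose filter accepts the record.

    Each log statement is evaluated independently, so one line can be
    written to both files if it matches both patterns.
    """
    if facility != "mail":          # facility(mail) is required by both filters
        return []
    return [dest for dest, rx in FILTERS.items() if rx.search(message)]

def split(records):
    """Group messages by destination; mail lines no filter accepts go under None."""
    out = defaultdict(list)
    for facility, message in records:
        dests = route(facility, message)
        if not dests and facility == "mail":
            out[None].append(message)
        for dest in dests:
            out[dest].append(message)
    return dict(out)

if __name__ == "__main__":
    for dest, lines in split(SAMPLE).items():
        print(dest or "UNMATCHED (keep a catch-all destination)", len(lines))
        for line in lines:
            print("   ", line[:72])
```

The rejected-relay and local-delivery lines land in neither file, so the existing d_mail destination is worth keeping as a catch-all alongside the split logs.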