At 15:46 19.04.2002 +0100, you wrote:
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };

The syslog.conf from my HPUX box has the following line added:

*.info;mail.none @central-syslog-server

I figure it's got something to do with filters, but I don't know where to start. Basically I want everything logged and then I'll start deciding what to filter out.

Maybe there are messages sent on facilities which aren't mentioned in your filters (like local1..7), try putting a "catch-everything-which-hasn't-been-logged-yet" rule somewhere in there. In 1.5.* it's something like

log { source(s_sys); destination(leftover); flags(fallback); };

unfortunately I can't remember the syntax for 1.4.* anymore.

You should also use something like "*.* @central-syslog-server" on the syslogd's if you really want all messages from the hpux'n.

mfg/best regards
--
Michael Renner
Junior System Engineer
Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699
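
Added example, not part of the original thread: a small Python model of the two gaps discussed above, namely what the client selector "*.info;mail.none" never sends compared with "*.*", and which forwarded facilities no server-side filter names. The thread does not show the f_filter1..6 definitions, so the facility sets below are constructed stand-ins, and the function names are made up for this sketch.

```python
# Facility names from <syslog.h>; the rarely used codes 12-15 are left out.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
# Index = numeric severity; a lower number is more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, severity):
    """Evaluate a syslog.conf selector such as '*.info;mail.none'."""
    matched = False
    for part in selector.split(";"):
        facs, level = part.strip().rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        # The last part that names this facility wins; 'none' switches it off,
        # a level name means "this severity or more severe".
        matched = level != "none" and (
            level == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(level))
    return matched

def forwarded(selector):
    """All (facility, severity) pairs the client would send to the loghost."""
    return {(f, s) for f in FACILITIES for s in SEVERITIES
            if selector_matches(selector, f, s)}

def unfiltered_facilities(selector, filter_facilities):
    """Forwarded facilities that none of the server-side filters mentions."""
    covered = set().union(*filter_facilities.values())
    sent = {f for f, _ in forwarded(selector)}
    return sorted(sent - covered, key=FACILITIES.index)

# Constructed stand-ins for the six filters used in the log statements.
HYPOTHETICAL_FILTERS = {
    "f_filter1": {"kern"}, "f_filter2": {"user", "daemon"}, "f_filter3": {"auth"},
    "f_filter4": {"mail"}, "f_filter5": {"mail"}, "f_filter6": {"lpr"},
}

if __name__ == "__main__":
    total = len(FACILITIES) * len(SEVERITIES)
    for sel in ("*.info;mail.none", "*.*"):
        print(f"{sel}: forwards {len(forwarded(sel))} of {total} pairs")
        print("  named by no filter:",
              ", ".join(unfiltered_facilities(sel, HYPOTHETICAL_FILTERS)))
```

Anything listed under "named by no filter" reaches the server and is then dropped unless a fallback log statement picks it up.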