It works. Thank you very much::) -----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Evan Rempel 发送时间: 2007年9月19日 13:09 收件人: Syslog-ng users' and developers' mailing list 主题: Re: [syslog-ng] the filter doesn`t work for the remote log You have set your filter on the syslog facility, and the crond program uses different facilities to log different information, such as the auth facility to log session open/close for the user that the cron started process belongs to. try using filters of filter f_cron { program(crond); }; filter f_messages { not program(crond); }; and see how that works for you. Evan. liuruihong wrote:
I use the syslog-ng to receive remote log,
The syslog-ng is running under linux ,the remote client is sending log by syslog,
and the syslog-ng configure fie is as follows:
options { use_dns(yes); create_dirs(yes); }; source src { udp(ip(0.0.0.0) port(514)); }; filter f_cron { facility(cron); }; filter f_messages { not facility(cron); }; destination messages { file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/messages-$MONTH"); }; destination cron { file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/cron-$MONTH"); }; log { source(src); filter(f_cron); destination(cron); }; log { source(src); filter(f_messages); destination(messages); };
but the log files "messages-$MONTH" still include the crond information,
I don't know why?
------------------------------------------------------------------------
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html