OK thanks, I see that. 14 = 16 octal = facility 1 (user) severity 6 (info). So even though I specify kern.info on the command line, the message comes through as user.info [root@node1 ~]# logger -i -p kern.info "hello world" [root@node1 ~]# tail -1 /var/log/messages Nov 17 13:39:17 node1 14 info root[7402]: hello world [root@node1 ~]# -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Geller, Sandor (IT) Sent: 17 November 2008 13:02 To: 'Syslog-ng users' and developers' mailing list' Subject: Re: [syslog-ng] facility(kern) not working? Syslog-ng 2.0.7 Hi,
I am using 2.0.7 and it seems that facility(kern) does not match messages from "logger -p kern.info". I am trying to filter kernel messages into a file but nothing goes there.
[ cut ]
Nov 17 12:40:45 dizzyfive1 189 notice syslog-ng: syslog-ng startup succeeded Nov 17 12:41:40 dizzyfive1 14 info root[19336]: hello from kern
$PRI being 14 indicates user.info, not kern.info Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html