The messages you have listed in the chart below are the annoying ones? These are kernel messages that you have asked to receive; simply stop receiving them, or filter out each one of those entries below with a regex if you want to stop getting those five specific messages.

I did not want the "STATS: dropped 0" message, so I use this filter:

    filter f_syslog { not facility(auth, authpriv, kern) and not match("STATS: dropped 0"); };

You can put anything in the quotes, including regular expressions, then just apply that filter to whichever log needs it.

Metal Gear wrote:
Hi, I'm trying to log only specific types of program alerts in a MySQL DB at a remote syslog-ng server. Till now I'm able to get exactly the messages that I wanted, but I'm also getting some annoying messages in the MySQL DB. I did research the problem but was unable to find any satisfactory answer. These messages are:

host | facility | priority | level | tag | date | time | program | msg | seq
abc | kern | warning | warning | 04 | 2005-06-16 | 08:58:35 | On node 0 total | On node 0 totalpages: 65088 | 3572
abc | kern | warning | warning | 04 | 2005-06-16 | 08:58:35 | Processors | Processors: 1 | 3573
abc | kern | warning | warning | 04 | 2005-06-16 | 08:58:35 | ESR value after | ESR value after enabling vector: 00000000 | 3574
abc | kern | info | info | 06 | 2005-06-16 | 08:59:29 | parport0 | parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE] | 3575
abc | kern | info | info | 06 | 2005-06-16 | 08:59:29 | parport0 | parport0: irq 7 detected | 3576

I'm also attaching my syslog-ng.conf file. Any help would be greatly appreciated.

options { long_hostnames(off); sync(0); keep_hostname(yes); chain_hostnames(no); use_time_recvd(yes); };

source src { unix-stream("/dev/log"); pipe("/proc/kmsg"); internal(); };
source stunnel { tcp(ip("127.0.0.1") port(514) keep-alive(yes)); };
source netscreen { udp(ip("192.168.1.6") port(514)); };

destination remoteclient { file("/var/log/HOSTS/$HOST/$DAY.$MONTH.$YEAR.loggedmessages" create_dirs(yes)); };
destination dest { file("/var/log/HOSTS/$HOST/$DAY.$MONTH.$YEAR.loggedmessages" create_dirs(yes)); };
destination d_mysql {
    pipe("/tmp/mysql.pipe"
         template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
         template-escape(yes));
};

filter f_syslog { not match("STATS: dropped"); };
filter f_auth { facility(auth) or program(".*ftp*.") or program(".*ssh*.") or program(".*pam*."); };

log { source(src); filter(f_syslog); filter(f_auth); destination(d_mysql); };
log { source(stunnel); filter(f_syslog); filter(f_auth); destination(d_mysql); };
log { source(netscreen); destination(d_mysql); };

log { source(src); filter(f_syslog); destination(dest); };
log { source(stunnel); filter(f_syslog); destination(remoteclient); };
log { source(netscreen); destination(remoteclient); };

------------------------------------------------------------------------
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
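
Added example, not part of the original thread: a Python check of the three program() patterns from the posted f_auth filter against the program names of the five listed kernel messages. It assumes syslog-ng applies program() as an unanchored regex search and that the first message's full program name is "On node 0 totalpages" (the table shows it cut to 15 characters); the INTENDED patterns and the auth program names are constructed for comparison.

```python
import re

# Patterns copied verbatim from the f_auth filter in the posted syslog-ng.conf.
# ".*pam*." reads as: anything, "pa", zero or more "m", then any one character.
POSTED = [r".*ftp*.", r".*ssh*.", r".*pam*."]

# Assumed intent (not from the thread): the service name anywhere in the program.
INTENDED = [r".*ftp.*", r".*ssh.*", r".*pam.*"]

# Program names of the five unwanted kernel messages, taken from the table.
# Assumption: the first one is "On node 0 totalpages" before the column cut it.
KERNEL_PROGRAMS = [
    "On node 0 totalpages",
    "Processors",
    "ESR value after",
    "parport0",
]

# Constructed program names that an auth-only filter is meant to accept.
AUTH_PROGRAMS = ["sshd", "vsftpd", "pam_unix"]


def matching(patterns, program):
    """Return the patterns that hit `program` as an unanchored search."""
    return [p for p in patterns if re.search(p, program)]


def report(patterns, programs):
    """Map each program name to the list of patterns that let it through."""
    return {prog: matching(patterns, prog) for prog in programs}


if __name__ == "__main__":
    for label, patterns in (("posted", POSTED), ("intended", INTENDED)):
        print(f"--- {label} patterns ---")
        for prog, hits in report(patterns, KERNEL_PROGRAMS + AUTH_PROGRAMS).items():
            verdict = "PASSES f_auth via " + ", ".join(hits) if hits else "rejected"
            print(f"{prog!r:26} {verdict}")
```

With the posted patterns every kernel program name in the table passes f_auth ("after" contains "ft", "Processors" contains "ss", "parport0" and "totalpages" contain "pa"), which is consistent with those rows reaching d_mysql.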