Hi
Final flags respond with only top-level log paths. You can use an embedded log statement to achieve your goal.

 


log {
    log {
        source(s_remote);
        filter(f_linux_secure);
        destination(d_linux_secure);
        flags(final);
    };

    log {
        source(s_remote);
        filter(f_linux_messages);
        destination(d_linux_messages);
    };
};


https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-embedded-logpaths.html

Regards

On Fri, Apr 21, 2017 at 7:14 PM, wiskbroom@hotmail.com <wiskbroom@hotmail.com> wrote:

Yes, I only want said messages in one of the two files, not both.


Vadim Anatoly Pushkin 

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of james.r.hendrick <james.r.hendrick@gmail.com>
Sent: Friday, April 21, 2017 9:40:20 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Unable to Filter Based On Facility into Different Files
 
flags(final) stops the processing in the first statement.




-------- Original message --------
Date: 4/21/17 9:37 AM (GMT-05:00)
Subject: [syslog-ng] Unable to Filter Based On Facility into Different Files

Greetings!


I am trying to rewrite syslog-ng.conf to create files based on facilities; one way for non-auth messages, another for all authentication messages (ssh, su, sudo, and console logins).


I believe I have two issues with my statements below:

1. My ${HOST}- might be incorrect.

2. Am I able to write two filters for a single source? My single source in this case are Linux boxes, all sending their syslog traffic to my syslog-NG server with *.*.


My statements below, comments and criticism very welcome.


filter f_linux_secure   { facility(authpriv) and level(info..emerg); };
filter f_linux_messages { level(info..emerg); };


destination d_linux_secure      {
        file("/data/Linux/${HOST}-secure.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination d_linux_messages    {
        file("/data/Linux/${HOST}-messages.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote);         filter(f_linux_secure); destination(d_linux_secure); flags(final); };
log { source(s_remote);         filter(f_linux_messages); destination(d_linux_messages); flags(final); };



Regards,



Vadim Anatoly Pushkin

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq