Greetings!

I am trying to rewrite syslog-ng.conf to create files based on facilities; one way for non-auth messages, another for all authentication messages (ssh, su, sudo, and console logins).

I believe I have two issues with my statements below:

1. My ${HOST}- might be incorrect.

2. Am I able to write two filters for a single source? My single source in this case are Linux boxes, all sending their syslog traffic to my syslog-NG server with *.*.

My statements below, comments and criticism very welcome.

filter f_linux_secure   { facility(authpriv) and level(info..emerg); };
filter f_linux_messages { level(info..emerg); };


destination d_linux_secure      {
        file("/data/Linux/${HOST}-secure.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
destination d_linux_messages    {
        file("/data/Linux/${HOST}-messages.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));

log { source(s_remote);         filter(f_linux_secure); destination(d_linux_secure); flags(final); };
log { source(s_remote);         filter(f_linux_messages); destination(d_linux_messages); flags(final); };

Regards,