On Sep 02, 2004, Loic Minier wrote:
Michael Rash <mbr@cipherdyne.org> - Wed, Sep 01, 2004:
I would like to use syslog-ng to log priority info kernel messages to a named pipe, and I seem to have an issue with defining a correct filter. But, the addition of the kern facility in the filter seems to cause syslog-ng to not open the named pipe (lsof returns nothing).
Where are your kernel messages coming from? Do they really have the "kern" facility?
Well, I think that kernel message do come from the kern facility (is this configurable?). The strange thing is that using either of the following two filters works perfectly: filter f_kerninfo { facility(kern); }; or filter f_kerninfo { level(info); }; But, when I combine the filters with an "and" like: filter f_kerninfo { facility(kern) and level(info); }; syslog-ng seems to not be able to open the named pipe. Why does the "and" condition matter? The syslog-ng reference manual seems to indicate that it should support this. --Mike Michael Rash http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F