Im currently building our loghost syslog-ng conf file and encounter a problem. How can I filter message so that only not-alredy-routed line will be routed/filtered again ?
For example, I am trying to send ssh line to a dedicated log file, since sshd send its message to the deamon facility and that ( generic) daemon facility are send to a generic file, a given line appereas in both file and that waste my disk space :-).
I am trying to solve that by adding "and not filter(f_ssh)" in my dameon filter but it does nothing ( not even syntax error message).
Is there any error ? Is there another way ?
Thanks for any help.
The filter way should work, if it doesn't, it's a bug. There's a feature you may use here. You can define default log statements: log { source(src); filter(DEFAULT); destination(dst); }; This is a catchall statement, and should catch all messages which were not accepted any of the previous statements. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt