Ya, that's fine. The only change I'd make is instead of

log { source(src); filter(notmail); destination(messages); };
log { source(src); filter(notmail); destination(console_all); };

do

log { source(src); filter(notmail); destination(messages); destination(console_all); };

That way it doesn't have to apply the filter three times, only twice. You could optimize it even further with the fallback flag, but unless you've got a really high volume of messages, you could probably just leave it as is.

Sent: Tuesday, June 01, 2010 1:10:24 PM
From: Thanasis <thanasis@asyr.hopto.org>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] log smtp mail messages to a specific file

Postfix messages were logged in /var/log/messages.
Here is how syslog-ng.conf was (before my changes):
----------------------------------------------------
# cat /etc/syslog-ng/syslog-ng.conf.orig
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

options {
        chain_hostnames(no);

        # The default action of syslog-ng is to log a STATS line
        # to the file every 10 minutes. That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats_freq(43200);
};

source src {
        unix-stream("/dev/log" max-connections(256));
        internal();
        file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
-------------------------------------------------
I wanted to log postfix messages to a new file: /var/log/mail.log
I changed /etc/syslog-ng/syslog-ng.conf like so:
# diff syslog-ng.conf.orig syslog-ng.conf 15a16,23
filter mail { facility(mail); };
filter notmail { not facility(mail); };
22a31
destination mail { file("/var/log/mail.log"); };
31,32c40,42 < log { source(src); destination(messages); }; < log { source(src); destination(console_all); }; ---
log { source(src); filter(mail); destination(mail); }; log { source(src); filter(notmail); destination(messages); }; log { source(src); filter(notmail); destination(console_all); };
----------------------------------------------------------------------
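Review bot: in the 15a16,23 hunk, `filter notmail` restates the `facility(mail)` test instead of referring to `filter mail`, so the two definitions can drift apart. If the mail filter is later widened or narrowed and notmail is not updated to match, some messages will land in both /var/log/mail.log and /var/log/messages, or in neither. Deriving the complement from the single definition avoids that: `filter notmail { not filter(mail); };`.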
It worked, or at least I think so, by looking at both /var/log/messages and /var/log/mail.log.
So, my questions are:
1) Are my edits OK? Did I do anything wrong?
2) Should I have configured it otherwise, perhaps more efficiently?

Thanks.
Thanasis
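
The fallback variant mentioned in the reply at the top of the thread, written out as an added example (not from either poster). It reuses the names src, mail, messages and console_all from the configuration above and assumes these are the only log statements in the file.

```conf
# Added example, not part of the original thread.
# Names (src, mail, messages, console_all) are taken from the poster's config.

filter mail { facility(mail); };

destination mail { file("/var/log/mail.log"); };

# Regular log path: messages with facility mail go to mail.log.
log { source(src); filter(mail); destination(mail); };

# Fallback log path: it only receives messages that were not matched by
# any non-fallback log statement. The separate "notmail" filter is no
# longer needed, and the mail test is evaluated once per message.
log {
        source(src);
        destination(messages);
        destination(console_all);
        flags(fallback);
};
```

With this layout, any non-fallback log statement added later also removes the messages it matches from /var/log/messages, so re-check what still reaches the fallback path whenever a new log statement is introduced.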