The flags(final) goes at the end of the log statement, not the destination.

Cheers,

Steve
----- Message d'origine -----
De: "Michael J. Bauer" <mjbauer@eecs.tufts.edu>
Date: Jeudi, 24 Septembre 2009, 23:00
Objet: [syslog-ng] flags(final)
À: syslog-ng@lists.balabit.hu

> I think I am misunderstanding what flags(final) is supposed to
> do. I'm
> running syslog-ng 2.1.4 on RHEL 5.4 (Tikanga).
>
> I have a fairly simple syslog-ng configuration, which I've
> attached
> below. I'm trying to pick off individual groups of log
> entries and put
> them in their own individual files. I want to ensure that
> each gets
> logged exactly once, so I'm using flags(final). I also
> have a catch-all
> at the end in case I've missed something, but the ultimate goal
> is to
> have that file present, but empty.
>
> However, with this configuration, the log entries that appear in
> d_network_address_translation (/var/log/network-address-
> translation)
> also appear in d_default (/var/log/default) despite the presence
> of
> flags(final) on an earlier log() line. Should it work this
> way? If so,
> what can I do to get the desired behavior?
>
> Thanks,
> MJB
>
> options {
>         sync (0);
>         time_reopen (10);
>         log_fifo_size (1000);
>         long_hostnames (off);
>         use_fqdn (no);
>         create_dirs (no);
>         keep_hostname (yes);
> };
>
> source s_sys {
>         file ("/proc/kmsg"
> log_prefix("kernel: "));
>         unix-stream ("/dev/log");
>         internal();
>         udp(ip(0.0.0.0) port(514));
> };
>
> destination
> d_network_address_translation              {
> file("/var/log/network-address-translation"); };
> destination
> d_default          { file("/var/log/default"); };
>
> filter f_network_address_translation { host("router-service-
> interface") and
>                                        priority(info) and
>                                        facility(local2) and
>                                        match("FWNAT"); };
>
> log { source(s_sys);
>       filter(f_network_address_translation);
>
> destination(d_network_address_translation);      flags(final); };
> log { source(s_sys);
>       destination(d_default); };
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>