Hi,
There's no facility code for named. Basically, the list of facility codes has been frozen for 30 years, so it's really not up to the task.
That syslog-ng.conf file could be simplified a lot. If you don't require so many log files, I'd recommend something simple like this:
```
@version: 3.17
source s_local {
system();
};
log {
source(s_local);
destination { file("/var/log/syslog"); };
};
```
And start adding your custom rules from here.
The named process can be matched easily with this filter expression:
```
filter f_named { program("named"); };
```
No need to use facility codes, the program name is enough.
Hello
I am trying to log named to syslog-ng and it is not set up by default on Arch or artex.
I set up named for logging, I think:
```
logging {
    category default { log_syslog; };
    channel log_syslog { syslog; };
};
```
In the config file for syslog-ng I had added:
```
destination d_mail { file("/var/log/mail.log"); };
destination d_named { file("/var/log/named.log"); };
destination d_news { file("/var/log/news.log"); };
```
I am looking at filters and have no idea what to do:
```
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_acpid { program("acpid"); };
```
I don't know if there is a built-in facility for named. The docs for the server are very detailed and rich, and overwhelming.
Ruben
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
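
The reply's suggestion wired into a complete configuration, as an added example that is not part of the original thread: it combines the reply's minimal config and `f_named` filter with the `d_named` destination from the question. The `d_syslog` name, the `internal()` source and the use of `flags(final)` are choices made for this example.

```conf
@version: 3.17

# Local messages; internal() adds syslog-ng's own messages (added for this example).
source s_local {
    system();
    internal();
};

# Match on the program name, as suggested in the reply; no facility code involved.
filter f_named { program("named"); };

# Destination taken from the question.
destination d_named { file("/var/log/named.log"); };

# Catch-all destination; the name d_syslog is chosen for this example.
destination d_syslog { file("/var/log/syslog"); };

# named messages go to their own file. flags(final) stops processing here,
# so they are not also written by the catch-all log path below.
# This log path must come before the catch-all for that to work.
log {
    source(s_local);
    filter(f_named);
    destination(d_named);
    flags(final);
};

# Everything that was not claimed above.
log {
    source(s_local);
    destination(d_syslog);
};
```

After reloading syslog-ng, `logger -t named "test"` is a quick check: the line should appear in /var/log/named.log and not in /var/log/syslog.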