Am Mo, den 27.12.2004 schrieb Philip J. Hollenback um 15:02:
I have the following syslog.conf entry on my linux server:
[...]
filter f_2 { not facility(mail); }; filter f_3 { facility(mail) and level(err..emerg); }; [...] log { source(local); filter(f_1); filter(f_2); filter(f_3); filter(f_4); filter(f_5); filter(f_6); filter(f_7); filter(f_8); filter(f_9); destination(d_mesg); };
The message from source has to match ALL filters (AND'd together) to be logged to destination. That's atleast what I read from chapter 2 (log paths) of the reference manual.
Problem: this doesn't work; the above syslog-ng.conf entry doesn't send any messages to /var/log/messages.
(facility(mail)) AND (not facility(mail))= {} [...]
I've narrowed it down to something with the compound filter statements. If I remove f_3, f_6, and f_8, the entry starts working.
You could perhaps define a log{} statement for each filter rule.
Thanks, P.
HTH Wolfgang -- Wolfgang Braun <wolfgang.braun@gmx.de>, Dipl. Inform. (FH) gpg-key: 1024D/4B32CE55