Dear community,

I am currently trying to setup a central syslog-ng server.
 Almost everything is working, I just have some issue with filtering apache2 logs.

On the remote host I use the following to send apache2 :

source vhost_access { file("/var/log/apache2/vhost-access.log"); };

This is working the central syslog server get the messages.

I setup a filter on the server to filter apache2 log such as :

filter f_apache { match("hostname.mydomain.fr"); };

this works.

The issue is that my apache2 logs match other filter, so I am logging messages 3 times :

filter f_messages { level(info,notice,warn) and
                    not facility(auth,authpriv,cron,daemon,mail,news); };

and :
filter f_user { facility(user) and not filter(f_debug); };


It seems that I have to play with default-priority() and default-facility() parameters.

I would like to know how do you deal with this kind of situation ?

Regards,

Hugo