---syslog-ng.conf--- # # /etc/syslog-ng/syslog-ng.conf # # Last update: 1999 04 07 #
# sources source src { udp 0.0.0.0,512; unix-stream /dev/log; internal; };
# destinations destination console { file /dev/console; }; destination kernel_log { file /var/log/kernel.log; }; destination secure_log { file /var/log/secure.log; }; destination ssh_log { file /var/log/ssh.log; }; destination mail_log { file /var/log/mail.log; }; destination ftp_log { file /var/log/ftp.log; }; destination msgs_log { file /var/log/messages.log; }; destination crit_log { file /var/log/crit.log; };
destination log_term { file /dev/tty10; }; destination secure_term { file /dev/tty9; };
# filters filter kernel { facility(kern) or program("kernel"); }; filter mail { facility(mail) or program("qmail"); }; filter ftp { program(".*ftpd"); }; filter ssh { match("ssh.*"); }; filter secure { ( facility(authpriv) or match("Overseer") ) and not match("ssh.*"); }; filter crit { priority(crit); }; ^^^^^^^^
I don't know how you could run syslog-ng since, it reports a parse error for me. Instead of priority() you should have written level(). And syslog-ng didn't support comments yet. -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu