On Fri, May 27, 2005 at 04:29:46PM +0600, Metal Gear wrote:
Still there are no compilation errors now but i m not having any logs of ftp and ssh when i remove filters then i get the bunch of logs. Setting the filters for facility(auth, authpriv) is working but it gives only the users who are successfully connected theu ssh or ftp. I m sending my syslog-ng.conf using filters but i m not getting the logs of it.
source src {unix-stream("/dev/log"); pipe("/proc/kmsg"); internal();}; source stunnel {tcp(ip("127.0.0.1 <http://127.0.0.1>") port(514) keep-alive(yes));};
filter f_ftp {program(".*ftp*.");}; filter f_ssh {program(".*ssh*.");};
log {source(src); filter(f_syslog); filter(f_ftp); filter(f_ssh); destination(dest2);}; log {source(stunnel); filter(f_syslog); filter(f_ftp); filter(f_ssh); destination(dest2);};
I already pointed out your error in this same thread. You can't have those filters all set up, you'll only see messages if ALL OF THEM MATCH. Read back through for an example I gave on how to make it filter the way you want it to. -- Nate "A lie can travel half way around the world while the truth is putting on it's shoes." - Samuel Clemens