I apologize - this question has been answered. I sent this email two days ago! "Sent: Wednesday, October 11, 2000 12:53 PM" -Mick
-----Original Message----- From: Ohrberg, Mick Sent: Wednesday, October 11, 2000 12:53 PM To: 'syslog-ng@lists.balabit.hu' Subject: RE: [syslog-ng]Syslog-ng dies unexpectedly
[snip]
Also, I'm running a program that logs NT-events in syslog format and I want to create a separate SINGLE "error" log from multiple machines. What would the format for that be? Does a simple filter and log match statement work?
destination ntlog { file("/var/log/ntlog.log"); }; filter f_error { match("[ERR]"); }; #( [ERR] is the common statement in the NT log statement for error logs)
log { source(net); filter(f_error); destination(ntlog); };
[snip]
Jon,
Does your NT logger use one of the facility/priority pairs available? I know we do a lot of logging using the different user-facilities. If your NTlogger uses that, you can filter by facility as well.
/Mick
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng