Hi,

I've got everything working perfectly in my setup but I'm having one problem. I can't seem to be able to filter out proftpd from messages. I *can* filter it to ftp.log but it still shows up in messages.

Here's what my messages filter looks like:

    filter f_messages { not facility(mail, kern, proftpd); };

I've substituted proftpd with ftpd, ftp, pro etc. Oh btw, I can filter out just stock ftpd fine; proftpd is the only thing I have problems with. I know that proftpd uses its own syslog util but I'm still not sure how I should go about separating it. Anyone had similar problems? Any suggestions?

Thanks,
-jacob

Jacob Zehnder
Grill Master
"The dude abides." 'The Big Lebowski'
Why not try to filter it out by doing a match such as

    not match(proftpd);

Chris Scheller
Network One Internet, inc.
http://www.networkone.net/
System/Network Administration
1.888.GOT-NET1

On Sat, 20 Nov 1999, Jacob Zehnder wrote:
> Hi,
>
> I've got everything working perfectly in my setup but I'm having one problem. I can't seem to be able to filter out proftpd from messages. I *can* filter it to ftp.log but it still shows up in messages.
>
> Here's what my messages filter looks like:
>
>     filter f_messages { not facility(mail, kern, proftpd); };
>
> I've substituted proftpd with ftpd, ftp, pro etc. Oh btw, I can filter out just stock ftpd fine; proftpd is the only thing I have problems with. I know that proftpd uses its own syslog util but I'm still not sure how I should go about separating it. Anyone had similar problems? Any suggestions?
>
> Thanks,
> -jacob
>
> Jacob Zehnder
> Grill Master
> "The dude abides." 'The Big Lebowski'
On Sat, Nov 20, 1999 at 12:08:39PM -0800, Jacob Zehnder wrote:
> Hi,
>
> I've got everything working perfectly in my setup but I'm having one problem. I can't seem to be able to filter out proftpd from messages. I *can* filter it to ftp.log but it still shows up in messages.
>
> Here's what my messages filter looks like:
>
>     filter f_messages { not facility(mail, kern, proftpd); };
>
> I've substituted proftpd with ftpd, ftp, pro etc. Oh btw, I can filter out just stock ftpd fine; proftpd is the only thing I have problems with. I know that proftpd uses its own syslog util but I'm still not sure how I should go about separating it. Anyone had similar problems? Any suggestions?
Facility codes are supplied by the sending program, so filtering by facility is not as easy as it seems. First you'll have to tell the given program to use a given facility. It's usually a compile-time parameter, but sometimes it can also be tuned at runtime (bind and sshd are two examples). Then you can use this facility code to filter in syslog-ng.

The above proftpd facility doesn't exist; syslog-ng should have told you about this. If it didn't, that's a bug.

I think it's easier to use the program() filter:

    filter f_proftpd { program("proftpd"); };

should suffice.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
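The point made in the reply above, as an added example that is not part of the original thread: a Python sketch that decodes the priority field of BSD-syslog lines and shows why a facility test cannot single out proftpd while a program-name test can. The sample lines, the facilities they carry and the helper names are constructed for illustration, and program() is modelled as an exact string comparison.

```python
import re

# Facility codes 0-11 and 16-23 as named in the BSD syslog protocol (RFC 3164);
# codes 12-15 have no portable short name, so they get placeholder labels.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + [f"code{n}" for n in range(12, 16)]
              + [f"local{n}" for n in range(8)])

LINE = re.compile(r"<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) "
                  r"([^\s:\[]+)(?:\[\d+\])?: ?(.*)")

def parse(line):
    """Split a BSD-syslog line into the fields a filter can test."""
    m = LINE.fullmatch(line)
    if not m or int(m.group(1)) > 191:       # 191 = local7.debug, the maximum PRI
        raise ValueError(f"not a BSD syslog line: {line!r}")
    pri = int(m.group(1))                    # PRI = facility * 8 + severity
    return {"facility": FACILITIES[pri >> 3], "severity": pri & 7,
            "host": m.group(2), "program": m.group(3), "msg": m.group(4)}

def not_facility(rec, *names):
    """Model of `not facility(...)`: unknown names are rejected, not ignored."""
    unknown = [n for n in names if n not in FACILITIES]
    if unknown:
        raise ValueError(f"unknown facility name(s): {unknown}")
    return rec["facility"] not in names

def messages_by_facility(lines):
    # filter f_messages { not facility(mail, kern); };
    return [l for l in lines if not_facility(parse(l), "mail", "kern")]

def messages_by_program(lines):
    # filter f_messages { not facility(mail, kern) and not program("proftpd"); };
    return [l for l in lines if not_facility(parse(l), "mail", "kern")
            and parse(l)["program"] != "proftpd"]

# Constructed sample input; the facilities chosen for proftpd are assumptions.
SAMPLES = [
    "<30>Nov 20 12:08:39 host proftpd[411]: FTP session opened.",    # daemon.info
    "<86>Nov 20 12:08:41 host proftpd[411]: USER demo: Login ok.",   # authpriv.info
    "<22>Nov 20 12:09:00 host sendmail[502]: message accepted",      # mail.info
    "<38>Nov 20 12:09:05 host sshd[610]: session opened for demo",   # auth.info
]

if __name__ == "__main__":
    for kept in messages_by_program(SAMPLES):
        print(kept)
```
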