RE: [syslog-ng]Eliminating certain keyword from the "all" directi ve?
Stephen, Sure there's a way. Syslog-ng is a full service application after all. You want to set up a destination and a filter: destination mail { file("/var/adm/maillogs"); }; filter f_mail { facility(mail); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(DEFAULT); destination(all); }; The DEFAULT is a macro that will basically log everything that hasn't already been logged. If you just didn't want your mail logs just set the file to /dev/null or something. There are probably other ways to do this but this seems the most straight forward to me. Regards, DRew -----Original Message----- From: Stephen C Burns [mailto:sburns@farpointer.net] Sent: Tuesday, July 24, 2001 9:42 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Eliminating certain keyword from the "all" directive? Hi all, I have a question regarding the redirection of certain log messages to files. I currently have the "all" directive sending every syslog message into /var/log/messages, via: destination all { file("/var/log/messages"); }; And that is great, except I don't want my mail messages getting sent into the messages file as well as this takes up a lot of space. So I basically need some way to say "send all messages except for mail messages into /var/log/messages" Is there such a way? Thank you for any help!! _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
Thank you Drew, I already have something similar set up. I was not descriptive enough in my question. I have the default filter set. I have each one of my services logging to their own .log file. All messages to these individual .log files also go to the "all" destination which is a different file than the file for the default filter. And all that is fine - however, I would like for the mail messages to go to their own separate .log file only - and have no entry in the "all" file. I don't want to set them to /dev/null because I do want them, I just don't want them in the "all" file. :-) (They are not currently being logged to the "default" file) Thank you! -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Hamilton, Andrew Mr RAYTHEON 5 SIG CMD Sent: Tuesday, July 24, 2001 11:55 PM To: 'syslog-ng@lists.balabit.hu' Subject: RE: [syslog-ng]Eliminating certain keyword from the "all" directive? Stephen, Sure there's a way. Syslog-ng is a full service application after all. You want to set up a destination and a filter: destination mail { file("/var/adm/maillogs"); }; filter f_mail { facility(mail); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(DEFAULT); destination(all); }; The DEFAULT is a macro that will basically log everything that hasn't already been logged. If you just didn't want your mail logs just set the file to /dev/null or something. There are probably other ways to do this but this seems the most straight forward to me. Regards, DRew -----Original Message----- From: Stephen C Burns [mailto:sburns@farpointer.net] Sent: Tuesday, July 24, 2001 9:42 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Eliminating certain keyword from the "all" directive? Hi all, I have a question regarding the redirection of certain log messages to files. I currently have the "all" directive sending every syslog message into /var/log/messages, via: destination all { file("/var/log/messages"); }; And that is great, except I don't want my mail messages getting sent into the messages file as well as this takes up a lot of space. So I basically need some way to say "send all messages except for mail messages into /var/log/messages" Is there such a way? Thank you for any help!! _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
participants (2)
-
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
-
Stephen C Burns