Dear sirs.

I'm a newbie in syslog-ng, therefore I beg you to treat my question with indulgence if it is primitive. I'm very sorry for the attached conf, but I think I can't explain my problem without it. I have a Linux (RH) box with syslog-ng-1.4.10 (it's a somewhat outdated package, but I haven't enough knowledge to rebuild it).

My problem is the following: the log from the MTA comes to /var/log/messages. So I have a duplicate MTA log in mail.log and messages. As far as I understand, the problem point is in the following filters:

filter f_messages { level(info, emerg, debug, notice, warn, crit, err); };
log { source(src); filter(f_messages); destination(messages); };

There was an attempt to "log anything (except mail) of level info or higher". But mail is logged to /var/log/messages anyway. How should I modify the filters to resolve this? I would very much appreciate your kind help.

--
Yours sincerely
Serge Leschinsky mailto:fish@artlife.tomsknet.ru
Wednesday, June 19, 2002

On Wed, Jun 19, 2002 at 12:58:30PM +0700, Serge Leschinsky wrote:
> My problem is the following: the log from the MTA comes to /var/log/messages. So I have a duplicate MTA log in mail.log and messages. As far as I understand, the problem point is in the following filters:
>
> filter f_messages { level(info, emerg, debug, notice, warn, crit, err); };
> log { source(src); filter(f_messages); destination(messages); };
>
> There was an attempt to "log anything (except mail) of level info or higher". But mail is logged to /var/log/messages anyway. How should I modify the filters to resolve this?

Most mail logs come in at mail.info and mail.debug. Your filter catches all *.info and *.debug. You need a filter more like:

filter f_messages { level(info .. warn) and not facility(auth, authpriv, cron, daemon, mail, news); };

--
Like medieval peasants, computer manufacturers and millions of users are locked in a seemingly eternal lease with their evil landlord, who comes around every two years to collect billions of dollars of taxes in return for mediocre services. --Mark Harris, Electronics Times
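
The effect of the two filters discussed above, as an added example that is not part of the original messages and is not syslog-ng code: a small Python model that decodes the PRI value of each syslog line into facility and level and evaluates both versions of f_messages. The sample lines, the function names and the treatment of level(info .. warn) as the set info, notice, warn are assumptions of this model.

```python
import re

# Standard syslog facility and severity codes (RFC 3164); PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]

def decode_pri(line):
    """Return (facility, level) decoded from the <PRI> prefix of a syslog line."""
    pri = int(re.match(r"<(\d{1,3})>", line).group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def level_range(first, last):
    """Model of a level(a .. b) range: every severity between the two names."""
    i, j = sorted((SEVERITIES.index(first), SEVERITIES.index(last)))
    return set(SEVERITIES[i:j + 1])

# Model of the original filter: a list of levels and no facility test.
ORIG_LEVELS = {"info", "emerg", "debug", "notice", "warn", "crit", "err"}
def f_messages_original(facility, level):
    return level in ORIG_LEVELS

# Model of the filter from the reply: a level range AND NOT a facility list.
EXCLUDED = {"auth", "authpriv", "cron", "daemon", "mail", "news"}
def f_messages_reply(facility, level):
    return level in level_range("info", "warn") and facility not in EXCLUDED

# Constructed sample lines (not taken from the thread).
SAMPLES = [
    "<22>Jun 19 13:00:01 box sendmail[411]: stat=Sent",    # mail.info
    "<23>Jun 19 13:00:01 box sendmail[411]: debug trace",  # mail.debug
    "<14>Jun 19 13:00:02 box app: started",                # user.info
    "<11>Jun 19 13:00:03 box app: write failed",           # user.err
    "<4>Jun 19 13:00:04 box kernel: eth0 link down",       # kern.warn
    "<86>Jun 19 13:00:05 box sshd[9]: session opened",     # authpriv.info
]

def route(filter_fn):
    """Return the 'facility.level' tags that the given filter passes to messages."""
    tags = []
    for line in SAMPLES:
        facility, level = decode_pri(line)
        if filter_fn(facility, level):
            tags.append(f"{facility}.{level}")
    return tags

if __name__ == "__main__":
    print("original:", route(f_messages_original))
    print("reply:   ", route(f_messages_reply))
```

In this model the filter from the reply keeps mail out of messages, and it also stops passing err and debug messages there, because both levels lie outside the info .. warn range.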

Dear Nate.

On Tuesday, the 18th of June, 2002, at 23:40 GMT -07 (Wednesday, the 19th of June, 2002, at 13:40 my local time), you wrote about "[syslog-ng]Some missunderstanding in filter", at least in part:

NC> You need a filter more like:
NC> filter f_messages { level(info .. warn)
NC> and not facility(auth, authpriv, cron, daemon, mail, news); };

Thank you very much for your kind reply! Yesterday I tried to do almost the same, but I didn't know the format and tried to combine filters without "and". Surely I always had a configuration error... Probably I didn't read the documentation and FAQ attentively... I'm very grateful for your help!

--
Yours sincerely
Serge Leschinsky mailto:serge@artlife.tomsknet.ru
Wednesday, June 19, 2002

participants (3)
- Nate Campi
- Serge Leschinsky
- Serge Leschinsky