I can't seem to get sudo logs logging properly.
Would like each host to log to sudo.log instead of local2.
/var/log/syslog-ng/$HOST/sudo.log
Anyone have any examples of how they did it?

--
Chuck

On Tue, Jan 08, 2002 at 12:52:13PM -0800, Chuck Kelly wrote:
> I can't seem to get sudo logs logging properly.
> Would like each host to log to sudo.log instead of local2.
> /var/log/syslog-ng/$HOST/sudo.log
> Anyone have any examples of how they did it?

It's possible by using the $PROGRAM macro in your
See http://www.balabit.hu/static/syslog-ng/reference/x324.html#AEN512

You don't really want to trust the input of log messages when creating
files in your filesystem, though. Plus that will log *all* your logs by
program. If you just want the sudo stuff you can apply a regexp to log
messages as they come in like:

    # one sudo.log per sending host; create_dirs makes the $HOST directory
    destination sudo_log {
        file("/var/log/syslog-ng/$HOST/sudo.log" create_dirs(yes));
    };

    # this should match sudo in the tag field
    filter f_sudo { match("sudo:"); };

    log {
        source(src);
        filter(f_sudo);
        destination(sudo_log);
    };

This should work as is.

--
Nate Campi   http://www.campin.net   GnuPG key: 0xC17AEF79
"ASCII stupid question, get a stupid ANSI !"
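
Added example (not from either poster and not syslog-ng code): a Python sketch of the concern raised in the reply about trusting message fields when building file paths. It parses constructed BSD-syslog lines, allow-lists the HOST and PROGRAM values before they become path components under /var/log/syslog-ng, and selects sudo by exact program name; the regexes, fallback names and function names are assumptions of this example.

```python
import re
from pathlib import PurePosixPath

BASE = PurePosixPath("/var/log/syslog-ng")  # base directory used in the thread

# BSD-syslog style line: <PRI>Mmm dd hh:mm:ss HOST PROGRAM[PID]: MSG
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[\d+\])?: ?"
    r"(?P<msg>.*)"
)

# Assumed allow-list for a sender-supplied value used as ONE path component:
# no slashes, no leading dot, bounded length.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def safe_component(value, fallback):
    """Return value if it is a safe single path component, else fallback."""
    return value if SAFE_COMPONENT.fullmatch(value) else fallback


def log_path(line, per_program=False):
    """Map a raw syslog line to a file under BASE; None if it is not routed."""
    m = LINE_RE.fullmatch(line)
    if m is None:
        return None
    host = safe_component(m["host"], "_invalid_host")
    if per_program:  # the $HOST/$PROGRAM layout: both fields come from the sender
        name = safe_component(m["program"], "_invalid_program") + ".log"
    elif m["program"] == "sudo":  # exact program name, not a substring search
        name = "sudo.log"
    else:
        return None
    return str(BASE / host / name)


# Constructed sample lines (not captured from a real system).
SAMPLES = [
    "<149>Jan  8 12:52:13 web01 sudo: chuck : TTY=pts/0 ; USER=root ; COMMAND=/bin/ls",
    "<149>Jan  8 12:52:14 ../../outside sudo: constructed hostile host field",
    "<149>Jan  8 12:52:15 web01 ../outside: constructed hostile program field",
    "<13>Jan  8 12:52:16 web01 logger: sudo: text that only mentions sudo",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(log_path(s), log_path(s, per_program=True))
```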