Re: syslog-ng question on filter facility/priority
I would like to filter out kern.debug info from messages when we HUP syslog-ng. I have set up a filter: "filter f_kern.debug { not facility(kern); };" which filters out all kern messages from going to /var/adm/messages. I set up another filter "filter f_kern { facility(kern); };" that logs to destination file "/var/log/kern.log" so I can pick up any other kernel messages.

Is there a way to set up a filter for facility(kern) that will filter out the debug info but still log the higher level messages to /var/adm/messages? We are running on Solaris 2.6.
filter f_kern { facility(kern) and not level(debug); };

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
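An added example, not part of the original thread: a small Python model of the filter expressions discussed above, evaluated over constructed sample messages using the standard syslog PRI encoding (facility * 8 + severity). The third expression, `not (facility(kern) and level(debug))`, is an assumption about what a catch-all destination such as /var/adm/messages would need; it does not appear in the thread.

```python
import re

# Standard syslog numbering: PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4}
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, level) numbers from the leading <PRI> of a raw message."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI: %r" % line)
    return divmod(int(m.group(1)), 8)

def facility(name):
    return lambda fac, lvl: fac == FACILITIES[name]

def level(name):
    return lambda fac, lvl: lvl == LEVELS[name]

# The filter expressions, modelled as predicates over (facility, level).
FILTERS = {
    # From the question: drops every kernel message, not only debug.
    "not facility(kern)": lambda f, l: not facility("kern")(f, l),
    # From the reply: kernel messages above debug only.
    "facility(kern) and not level(debug)":
        lambda f, l: facility("kern")(f, l) and not level("debug")(f, l),
    # Assumption (not in the thread): everything except kern.debug.
    "not (facility(kern) and level(debug))":
        lambda f, l: not (facility("kern")(f, l) and level("debug")(f, l)),
}

# Constructed sample messages (not taken from the thread).
SAMPLES = [
    "<7>unix: debug trace from driver",     # kern.debug
    "<4>unix: WARNING: disk almost full",   # kern.warning
    "<38>sshd[411]: session opened",        # auth.info
    "<31>named[90]: debug: cache lookup",   # daemon.debug
]

def matches(expr):
    """Return the sample lines that the named filter expression passes."""
    return [s for s in SAMPLES if FILTERS[expr](*decode_pri(s))]

if __name__ == "__main__":
    for expr in FILTERS:
        print(expr, "->", matches(expr))
```
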
I have a syslog-ng loghost at home with an options line like this:

options { keep_hostname(yes); use_dns(no); long_hostnames(off); sync(0); };

...and it shows the hostname in the logs as sent by the remote end. So I decide that the loghost I have at work, running syslog-ng 1.4.10 should be set up the same way. It currently uses reverse DNS to get the hostname (I don't like the trust in DNS, or the possible performance probs if there's DNS issues).

When I stick that line in the conf file, syslog-ng only logs the IP address of the remote host. This isn't consistent with how the host at home runs with the same options line. Both are linux, built from source. The one at home is still running 1.4.7 (I know, I need to upgrade it ;)

How do I make the newer version keep the hostnames like the older one does?

Thanks,
Nate
hmm... this part has not changed since 1.4.7, so they should work the same.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
On Tue, 19 Dec 2000, Balazs Scheidler wrote:
hmm... this part has not changed since 1.4.7, so they should work the same.
I have the same problem here with 1.4.9a upgrade - those options give IP numbers instead of names even if /etc/hosts includes all involved IP -> name entries. I couldn't find detailed reference to 'keep_hostname' option in doc either.

Longina

--
Longina Przybyszewska, system programmer
Phone: +45 6550 2359
Dept. of Math. & Comp. Sci. SDU, Odense University, Campusvej 55
Email: longina@imada.sdu.dk
DK-5230 Odense M, Denmark
--
participants (3): Balazs Scheidler, Longina Przybyszewska, Nate Campi