Hi, When I have the following in syslog-ng.conf: filter f_cyrus { level(warn, err, crit) and facility(local6); }; destination cyrus { file("/var/log/cyrus.log"); }; log { source(src); filter(f_cyrus); destination(cyrus); }; nothing is being logged in /var/log/cyrus.log however when I use: filter f_cyrus { level(warn, err, crit) and match("imap"); }; it works fine, why is local6 not working?? (cyrus-imap is default compiled with local6 enabled) Running on Suse 10.0 ( Cannot upgrade yet :-( ) with syslog-ng version 1.6.8 Greetings, Ruud Feringa.
Hi,
Hi,
When I have the following in syslog-ng.conf:
filter f_cyrus { level(warn, err, crit) and facility(local6); }; destination cyrus { file("/var/log/cyrus.log"); }; log { source(src); filter(f_cyrus); destination(cyrus); };
nothing is being logged in /var/log/cyrus.log
however when I use:
filter f_cyrus { level(warn, err, crit) and match("imap"); };
it works fine, why is local6 not working??
(cyrus-imap is default compiled with local6 enabled)
Well, are you sure that cyrus really uses local6? You can check this easily by adding a template to your config like this: destination cyrus { file("/var/log/cyrus.log" template("$TAG $MSG\n")); }; And then check what $TAG is when there are log lines. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Ok, done that: I see now: 1f imap[11480]: seen_db: ... 1f imap[11480]: open: user supporttickets opened INBOX 1f imap[11480]: SQUAT failed to open index file 1f imap[11480]: SQUAT failed 1f imap[11480]: accepted connection So what does it tell? The '1f' used to be the date/timestamp. Ps (to get output quick, I also removed the level(..) ) Regards, -Ruud. -----Original Message----- From: Geller, Sandor (IT) [mailto:Sandor.Geller@morganstanley.com] Sent: woensdag 4 juni 2008 13:32 To: 'Syslog-ng users' and developers' mailing list' Subject: Re: [syslog-ng] local6 doesn't seem to work... Hi,
Hi,
When I have the following in syslog-ng.conf:
filter f_cyrus { level(warn, err, crit) and facility(local6); }; destination cyrus { file("/var/log/cyrus.log"); }; log { source(src); filter(f_cyrus); destination(cyrus); };
nothing is being logged in /var/log/cyrus.log
however when I use:
filter f_cyrus { level(warn, err, crit) and match("imap"); };
it works fine, why is local6 not working??
(cyrus-imap is default compiled with local6 enabled)
Well, are you sure that cyrus really uses local6? You can check this easily by adding a template to your config like this: destination cyrus { file("/var/log/cyrus.log" template("$TAG $MSG\n")); }; And then check what $TAG is when there are log lines. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ____________________________________________________________________________ __ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi,
Ok, done that: I see now:
1f imap[11480]: seen_db: ... 1f imap[11480]: open: user supporttickets opened INBOX 1f imap[11480]: SQUAT failed to open index file 1f imap[11480]: SQUAT failed 1f imap[11480]: accepted connection
So what does it tell? The '1f' used to be the date/timestamp.
No, 1f is the facility/priority in HEX. 1f is 31 in decimal, which is 3*8 + 7. 3 stands for the daemon facility, and 7 is the debug priority. So these logs came from daemon.debug You should adjust your filter. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
participants (3)
-
Geller, Sandor (IT)
-
Ruud Feringa
-
ruud.feringa@mondrian.nl