# $Xanthus: syslog-ng.conf,v 1.1 2004/07/27 02:56:44 markzero Exp $ # syslog-ng config # options { long_hostnames(off); create_dirs(yes); owner(_syslogng); group(_syslogng); perm(0600); dir_owner(_syslogng); dir_group(_syslogng); dir_perm(0700); use_dns(no); sync(0); }; source src { unix-dgram("/dev/log" owner("_syslogng") group("_syslogng") perm(0600)); internal(); }; destination authlog { file("/var/log/auth.log"); }; destination syslog { file("/var/log/syslog"); }; destination cron { file("/var/log/cron.log"); }; destination daemon { file("/var/log/daemon.log"); }; destination kern { file("/var/log/kern.log"); }; destination lpr { file("/var/log/lpr.log"); }; destination user { file("/var/log/user.log"); }; destination uucp { file("/var/log/uucp.log"); }; destination mail { file("/var/log/mail.log"); }; destination mailinfo { file("/var/log/mail.info"); }; destination mailwarn { file("/var/log/mail.warn"); }; destination mailerr { file("/var/log/mail.err"); }; destination newscrit { file("/var/log/news/news.crit"); }; destination newserr { file("/var/log/news/news.err"); }; destination newsnotice { file("/var/log/news/news.notice"); }; destination debug { file("/var/log/debug"); }; destination messages { file("/var/log/messages"); }; #destination console { usertty("root"); }; #destination console_all { file("/dev/tty12"); }; #destination loghost { udp("loghost" port(999)); }; filter f_auth { facility(auth); }; filter f_authpriv { facility(auth, authpriv); }; filter f_syslog { not facility(authpriv, mail); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_user { facility(user); }; filter f_uucp { facility(cron); }; filter f_news { facility(news); }; filter f_debug { not facility(auth, authpriv, news, mail); }; filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); }; filter f_emergency { level(emerg); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; filter f_no_stats { not match("STATS: dropped 0"); }; log { source(src); filter(f_authpriv); filter(f_no_stats); destination(authlog); }; log { source(src); filter(f_syslog); filter(f_no_stats); destination(syslog); }; log { source(src); filter(f_cron); filter(f_no_stats); destination(cron); }; log { source(src); filter(f_daemon); filter(f_no_stats); destination(daemon); }; log { source(src); filter(f_kern); filter(f_no_stats); destination(kern); }; log { source(src); filter(f_lpr); filter(f_no_stats); destination(lpr); }; log { source(src); filter(f_mail); filter(f_no_stats); destination(mail); }; log { source(src); filter(f_user); filter(f_no_stats); destination(user); }; log { source(src); filter(f_uucp); filter(f_no_stats); destination(uucp); }; log { source(src); filter(f_mail); filter(f_no_stats); filter(f_info); destination(mailinfo); }; log { source(src); filter(f_mail); filter(f_no_stats); filter(f_warn); destination(mailwarn); }; log { source(src); filter(f_mail); filter(f_no_stats); filter(f_err); destination(mailerr); }; log { source(src); filter(f_news); filter(f_no_stats); filter(f_crit); destination(newscrit); }; log { source(src); filter(f_news); filter(f_no_stats); filter(f_err); destination(newserr); }; log { source(src); filter(f_news); filter(f_no_stats); filter(f_notice); destination(newsnotice); }; log { source(src); filter(f_debug); filter(f_no_stats); destination(debug); }; log { source(src); filter(f_messages); filter(f_no_stats); destination(messages); }; #log { source(src); filter(f_emergency); filter(f_no_stats); destination(console); }; #log { source(src); destination(console_all); }; Now, let me draw your attention to this line: not match("STATS: dropped 0"); For some reason, I repeatedly get this popping up on the command line: bash-2.05b# STATS: dropped 0 ..when either logged in as root or using su. This doesn't seem to make sense to me, not only is the filter not apparently working,but the lines to log to roots tty are commented out! Anyone had a similar problem? I checked the list archives first, and found a few vague examples of this, but nothing quite the same... mark
On Sun, 2004-08-08 at 23:19, markzero@logik.ath.cx wrote:
Now, let me draw your attention to this line:
not match("STATS: dropped 0");
For some reason, I repeatedly get this popping up on the command line:
bash-2.05b# STATS: dropped 0
..when either logged in as root or using su.
Maybe it is not syslog-ng which writes this line to your console. Can you confirm with strace or truss that syslog-ng is effectively writing this to your root tty? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Heh, don't worry about it, for some reason it cleared up after a restart. No idea why it started, but it's fixed. thanks anyway, mark On Mon, Aug 16, 2004 at 07:48:04PM +0200, Balazs Scheidler wrote:
On Sun, 2004-08-08 at 23:19, markzero@logik.ath.cx wrote:
Now, let me draw your attention to this line:
not match("STATS: dropped 0");
For some reason, I repeatedly get this popping up on the command line:
bash-2.05b# STATS: dropped 0
..when either logged in as root or using su.
Maybe it is not syslog-ng which writes this line to your console. Can you confirm with strace or truss that syslog-ng is effectively writing this to your root tty?
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (2)
-
Balazs Scheidler
-
markzero@logik.ath.cx