[syslog-ng] proftpd

Sun, 21 Nov 1999 16:02:54 +0100

On Sat, Nov 20, 1999 at 12:08:39PM -0800, Jacob Zehnder wrote:
> hi,
> 
> ive got everything working perfectly in my setup but im having one
> problem.  i cant seem to be able to filter out proftpd from messages.  i
> *can* filter it to ftp.log but it still shows up in messages.
> 
> heres what my messages filter looks like
> filter f_messages { not facility(mail, kern, proftpd); };
> 
> ive substitued proftpd with ftpd, ftp, pro etc..  oh btw, i can filter out
> just stock ftpd fine, proftpd is the only thing i have problems with.  i
> know that proftpd uses its own syslog util but im still not sure how i
> should go about seperating it.  anyone had similar problems? any
> suggestions?

Facility codes are supplied by the sending program, so filtering by facility
is not as easy as it seems. First you'll have to tell the given program to
use a given facility. It's usually a compile time parameter, but sometimes
it can also be tuned at runtime (bind and sshd are two examples).

Then you can use this facility code to filter in syslog-ng. The above
proftpd facility doesn't exist, syslog-ng should have told you about this,
if it didn't, that's a bug.

I think it's easier to use the program() filter:

filter f_proftpd { program("proftpd"); }; 

should suffice.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt