[syslog-ng]Can I prevent syslog-ng from prepending logs from other servers?

Gregor Binder gbinder@sysfive.com
Tue, 19 Dec 2000 13:25:30 +0100


William Yodlowsky on Mon, Dec 18, 2000 at 11:34:34PM -0500:
> On Mon, Dec 18, 2000 at 05:09:20PM -0600, Matt Mencel wrote:

Hi,

> >  I am recieving web and ftp logs from another machine on my central logging
> >  machine.  Syslog-ng prepends the logs with a bunch of information that I
> >  don't need and it prevents Analog and Webalizer from parsing the logs
> >  correctly.  Is there a way to tell syslog-ng not to prepend this
> > information
> >  to certain logs?  Thanks.

the main reason why you have replaced your original syslog are
advanced filtering capabilities .. use them :)

Look at the example configuration files that came with your source
tarball, RTFM (one of the not so advanced features of syslog-ng ;)),
or try something like:

source s_ftplog { udp (ip(a.b.c.d) port(514));

destination d_ftplog { file ("/log/$HOST/the_log_you_are_checking")

filter f_ftplog { program ("ftpd") and
                  not match ("bunch of information"); }

log { source(s_ftplog); filter(f_ftplog); destination(d_ftplog); };

> Can you not prepend our mailboxes with 4 copies of the same message?
> Thanks.

BTW, I seem to get almost every message twice, and since I got this
one 4 times as well, I guess other people have the same problem?

I did not subscribe multiple times, in case anybody wonders :)

Greetings,
  Gregor.

-- 
Gregor Binder  <gbinder@sysfive.com>  http://www.sysfive.com/~gbinder/
sysfive.com GmbH             UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany       TEL +49-40-63647482