[syslog-ng] Kernel messages
Erich Reitz
ereitz@mail.com
Fri, 3 Nov 2000 15:23:35 -0800
Hi,
I run a RedHat 7 system (just upgraded from 5), and don't understand why my
previous configuration of syslog-ng (1.4.7) doesn't log kernel
messages with rh7, especially those from the IP Chains Packet log.
These messages were logged with syslog, but are no longer logged with syslog-ng.
Example:
Nov 3 08:25:34 machine kernel: Packet log: input DENY eth0 PROTO=17 192.41.21.11:123 21.21.1.2:123 L=76 S=0x10 I=31802 F=0x0000 T=14 (#38)
I do run klogd, and these messages still show up if I issue a "dmesg".
I've tried starting klogd before and after syslog-ng, but that doesn't seem
to make a difference.
Does anyone have any hints?
Thanks.
My config file:
options { long_hostnames(off); sync(0); time_reopen(10); log_fifo_size(100); };
source src {
    unix-stream("/dev/log");
    internal();
};
destination fw { file("/var/log/firewall"); };
destination ftpd { file("/var/log/ftpd"); };
destination sendmail { file("/var/log/maillog"); };
destination cron { file("/var/log/cron"); };
destination sshd { file("/var/log/sshd"); };
destination all { file("/var/log/ng-log"); };
destination dst { file("/var/log/msgs"); };
filter fw { match("Packet"); };
filter ftpd { program("ftpd"); };
filter sendmail { program("sendmail"); };
filter cron { program("CROND"); };
filter sshd { program("sshd"); };
filter remain {
    not program("CROND")
    and not program("ftpd")
    and not program("sshd")
    and not program("sendmail")
    and not match("Packet");
};
log { source(src); filter(fw); destination(fw); };
log { source(src); filter(ftpd); destination(ftpd); };
log { source(src); filter(cron); destination(cron); };
log { source(src); filter(sshd); destination(sshd); };
log { source(src); filter(sendmail); destination(sendmail); };
log { source(src); filter(remain); destination(all); };
log { source(src); destination(dst); };