[syslog-ng]Yet another question on filtering

John A. Parker jap54@cornell.edu
Wed, 13 Sep 2000 14:10:27 -0400



I have yet another filtering question. On an AIX server using the 
syslog-ng.conf stanzas shown below, the only messages being logged to the 
d_cisco destination are those I know are coming in under facility local7. 
However, those same messages are also being logged to the d_all_ms 
destination which I think I'm filtering out. The filters seem correct and 
I am successfully using a similar "not" filter elsewhere (for local2 
messages). Can anyone explain what I'm doing wrong?

Thanks!

#######################################################################################

options { long_hostnames(off);
           use_fqdn(yes);
           log_fifo_size(1000);
           chain_hostnames(yes); };

source src { unix-dgram("/dev/log"); internal(); udp(ip(0.0.0.0) port(514)); };

destination d_all_ms
               { file("/logs/machine_specific/$HOST/all.$LEVEL.$YEAR$MONTH$DAY"
                 group(systems) perm(0664) dir_perm(0664) create_dirs(yes) );};

destination d_cisco
               { file("/logs/cisco/cisco.messages" group(systems) perm(0664) );};

# CISCO (local7) messages:
filter f_cisco { facility(local7); };

# NO CISCO (local7) messages:
filter f_no_cisco { not facility(local7); };

# Forward all messages to machine specific log monitored by system admins
log { source(src);
       filter(f_no_cisco);
       destination(d_all_ms);
     };

# Log all messages coming in on local7 facility to /logs/cisco/cisco.messages
log { source(src);
       filter(f_cisco);
       destination(d_cisco);
     };

#######################################################################################


---

John A. Parker        Senior Programmer/Analyst - AIX      Cornell University
jap54@cornell.edu   607-255-9356  607-255-8521 (Fax) 
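
One way to check the premise of the question, as an added example that is not part of the original post: decode the `<PRI>` field of each raw datagram to see which facility it really carries, and list the destination the posted f_cisco / f_no_cisco filters should select for it. The sample datagrams and the helper names (`decode_pri`, `expected_destinations`, `misrouted`) are constructed for illustration, and the handling of a missing PRI is an assumption noted in the code.

```python
import re

# BSD syslog PRI: <PRI> = facility * 8 + severity (RFC 3164).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(raw):
    """Return (facility, severity) for a raw datagram, or None if no valid PRI."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def expected_destinations(raw):
    """Destinations the two posted log statements should select."""
    decoded = decode_pri(raw)
    # Assumption: a datagram without a valid PRI counts as user.notice
    # (the RFC 3164 default, PRI 13).
    facility = decoded[0] if decoded else "user"
    if facility == "local7":          # filter f_cisco { facility(local7); }
        return ["d_cisco"]
    return ["d_all_ms"]               # filter f_no_cisco { not facility(local7); }

def misrouted(observations):
    """Given (raw, destination_seen) pairs, return those the filters exclude."""
    return [(raw, dest) for raw, dest in observations
            if dest not in expected_destinations(raw)]

# Constructed sample datagrams, not taken from the poster's logs.
SAMPLES = [
    "<187>45: Sep 13 14:10:27: %LINK-3-UPDOWN: Interface Serial0, changed state to up",
    "<150>Sep 13 14:10:28 host2 app[311]: started",
    "Sep 13 14:10:29 host3 no priority field here",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode_pri(s), expected_destinations(s))
    # A local7 message seen in the machine-specific file is flagged.
    print(misrouted([(SAMPLES[0], "d_all_ms"), (SAMPLES[1], "d_all_ms")]))
```

Any pair returned by `misrouted` is a message that reached a destination the posted filters should have excluded, which separates a sender using an unexpected facility from a filter that is not being applied.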