[syslog-ng]Eliminating certain keyword from the "all" directive?

Stephen C Burns sburns@farpointer.net
Wed, 25 Jul 2001 00:24:02 -0500

Thank you Drew,

I already have something similar set up.  I was not descriptive enough
in my question.  I have the default filter set.  I have each one of my
services logging to their own .log file.  All messages to these
individual .log files also go to the "all" destination which is a
different file than the file for the default filter.  And all that is
fine - however, I would like for the mail messages to go to their own
separate .log file only - and have no entry in the "all" file.  I don't
want to set them to /dev/null because I do want them, I just don't want
them in the "all" file.  :-)  (They are not currently being logged to
the "default" file)  Thank you!

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Hamilton, Andrew
Sent: Tuesday, July 24, 2001 11:55 PM
To: 'syslog-ng@lists.balabit.hu'
Subject: RE: [syslog-ng]Eliminating certain keyword from the "all"


Sure there's a way.  Syslog-ng is a full service application after all.
You want to set up a destination and a filter:

destination mail { file("/var/adm/maillogs"); };

filter f_mail { facility(mail); };

log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(DEFAULT); destination(all); };

The DEFAULT is a macro that will basically log everything that hasn't
already been logged.  If you just didn't want your mail logs just set
the file to /dev/null or something.  There are probably other ways to do
this but this seems the most straight forward to me. 



-----Original Message-----
From: Stephen C Burns [mailto:sburns@farpointer.net]
Sent: Tuesday, July 24, 2001 9:42 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Eliminating certain keyword from the "all"

Hi all,

I have a question regarding the redirection of certain log messages to
files.  I currently have the "all" directive sending every syslog
message into /var/log/messages, via:

destination all {


And that is great, except I don't want my mail messages getting sent
into the messages file as well as this takes up a lot of space.

So I basically need some way to say "send all messages except for mail
messages into /var/log/messages"

Is there such a way?  Thank you for any help!!

syslog-ng maillist  -  syslog-ng@lists.balabit.hu

syslog-ng maillist  -  syslog-ng@lists.balabit.hu