[syslog-ng]Eliminating certain keyword from the "all" directive?
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
HamiltonA@hq.5sigcmd.army.mil
Wed, 25 Jul 2001 08:14:15 +0200
Stephen,
Oh, then set up a filter:
filter f_all_others { not facility(mail); };
Is this what you are looking for? This will get everything except the mail
facility. Then you set whatever destinations you like.
Regards,
Drew
-----Original Message-----
From: Stephen C Burns [mailto:sburns@farpointer.net]
Sent: Wednesday, July 25, 2001 7:24 AM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]Eliminating certain keyword from the "all"
directive?
Thank you Drew,
I already have something similar set up. I was not descriptive enough
in my question. I have the default filter set. I have each one of my
services logging to their own .log file. All messages to these
individual .log files also go to the "all" destination which is a
different file than the file for the default filter. And all that is
fine - however, I would like for the mail messages to go to their own
separate .log file only - and have no entry in the "all" file. I don't
want to set them to /dev/null because I do want them, I just don't want
them in the "all" file. :-) (They are not currently being logged to
the "default" file) Thank you!
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Hamilton, Andrew
Mr RAYTHEON 5 SIG CMD
Sent: Tuesday, July 24, 2001 11:55 PM
To: 'syslog-ng@lists.balabit.hu'
Subject: RE: [syslog-ng]Eliminating certain keyword from the "all"
directive?
Stephen,
Sure there's a way. Syslog-ng is a full service application after all.
You want to set up a destination and a filter:
destination mail { file("/var/adm/maillogs"); };
filter f_mail { facility(mail); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(DEFAULT); destination(all); };
The DEFAULT is a macro that will basically log everything that hasn't
already been logged. If you just didn't want your mail logs just set
the file to /dev/null or something. There are probably other ways to do
this but this seems the most straightforward to me.
Regards,
Drew
-----Original Message-----
From: Stephen C Burns [mailto:sburns@farpointer.net]
Sent: Tuesday, July 24, 2001 9:42 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Eliminating certain keyword from the "all"
directive?
Hi all,
I have a question regarding the redirection of certain log messages to
files. I currently have the "all" directive sending every syslog
message into /var/log/messages, via:
destination all {
    file("/var/log/messages");
};
And that is great, except I don't want my mail messages getting sent
into the messages file as well as this takes up a lot of space.
So I basically need some way to say "send all messages except for mail
messages into /var/log/messages"
Is there such a way? Thank you for any help!!
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
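Added example, not part of the original thread: the pieces posted in the messages above, assembled into one configuration in which mail is written only to its own file and everything else goes to the "all" file. The `source src` definition is an assumption (the thread only refers to it by name); the destination paths and filter names are the ones used in the thread.

```conf
# Added example, not from the original posts.
# Newer syslog-ng releases also expect an "@version:" line at the top of the file.

# Assumption: the thread references source(src) but never shows its definition.
source src { unix-stream("/dev/log"); internal(); };

# Destinations as named in the thread.
destination mail { file("/var/adm/maillogs"); };
destination all  { file("/var/log/messages"); };

# Complementary filters: every message matches exactly one of them.
filter f_mail       { facility(mail); };
filter f_all_others { not facility(mail); };

# Mail facility: written to its own log file only.
log { source(src); filter(f_mail); destination(mail); };

# Everything that is not mail: written to the "all" file.
# Without the negated filter on this path, mail would still land in
# /var/log/messages in addition to /var/adm/maillogs.
log { source(src); filter(f_all_others); destination(all); };
```

Because the two filters are exact complements, no message is dropped and none is written twice, which keeps the "all" file complete for every facility other than mail.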