[syslog-ng]syslog-ng.conf.RedHat

[James Riordan]

Howdy-


I think that there might be an inconsistency between the behavior
determined by syslog.conf and that by syslog-ng.conf.RedHat (from
syslog-ng-1.4.12.tar.gz and syslog-ng-1.5.9.tar.gz).

The stock syslog.conf file sends a message to /var/log/messages if it
is of level info or higher unless it comes from facility mail,
authpriv, or cron:

  # Log anything (except mail) of level info or higher.
  # Don't log private authentication messages!
  *.info;mail.none;authpriv.none;cron.none		/var/log/messages

whereas, if I understand it correctly, the relevant lines from
syslog-ng.conf.RedHat

  destination d_mesg { file("/var/log/messages"); };
  filter f_filter2     { level(info) or facility(mail) or facility(authpriv); };
  log { source(s_sys); filter(f_filter2); destination(d_mesg); };

send a message to /var/log/messages if it is exactly of level info, or
if it comes from facility mail or authpriv.

I am not sure about the the internals of filter evaluation (is it
lazy?) so as to write the fastest rule but

  filter f_filter2     { not level(debug) and not (facility(mail) or 
                         facility(authpriv) or facility(cron)); };

seems to work.

Also, thanks for such a nice package.

Regards,
james

-- 
Dr. James Riordan                  email: rij@zurich.ibm.com
IBM Research                       notes: James Riordan/Zurich/IBM
Säumerstrasse 4			   Tel +41 (0) 1 724 89 81
CH-8803 Rüschlikon, Switzerland	   Fax +41 (0) 1 724 89 53