[syslog-ng]filter problem: level()
Michael D. (Mick) Bauer
mick@visi.com
Wed, 5 Sep 2001 00:51:03 -0500 (CDT)
Hi, all.
I've got a puzzling problem (to me ;-) with the level() function in my
syslog-ng.conf file. I'm using a filter whose sole criterion is
level(debug .. alert); as a sort of "catch-all" filter. But if I send
syslog-ng eight messages, each with a different priority (i.e., one of
each level), only the ones with levels "crit," "alert," and "emerg" get
logged. But wait! Those "emerg" messages shouldn't be making it past the
filter! What *on earth* is going on here?
(Could it be some sort of weirdness between logger & syslog-ng?)
Here's my config file, etc.:
# begin syslog-ng.conf
options { long_hostnames(off); sync(0); };
source src { unix-dgram("/dev/log"); internal(); };
destination d_local { file("/var/log/messages"); };
filter f_mick { level(debug .. alert); };
log { source(src); filter(f_mick); destination(d_local); };
# end syslog-ng.conf
# begin bash-commands (logger) to test above config
curious-george:/etc/init.d# for i in {debug,info,notice,warning,err,crit,alert,
emerg}
>do
>logger -p auth.$i "Priority level $i"
>echo "Priority level $i"
>done
Priority level debug
Priority level info
Priority level notice
Priority level warning
Priority level err
Priority level crit
Priority level alert
Priority level emerg
# end bash-commands & output
# begin excerpt from /var/log/messages
Sep 5 00:13:04 curious-george darthelm: Priority level crit
Sep 5 00:13:04 curious-george darthelm: Priority level alert
Sep 5 00:13:04 curious-george darthelm: Priority level emerg
# end excerpt
TIA,
Mick
/=============================\
| Michael D.(Mick) Bauer |
| Network Security Consultant |
| St. Paul, Minnesota (USA) |
| mick<at>visi.com |
\=============================/