[syslog-ng]Different messages being logged
Michael Renner
m.renner@inode.at
Fri, 19 Apr 2002 17:31:07 +0200
At 15:46 19.04.2002 +0100, you wrote:
>log { source(s_sys); filter(f_filter1); destination(d_cons); };
>log { source(s_sys); filter(f_filter2); destination(d_mesg); };
>log { source(s_sys); filter(f_filter3); destination(d_auth); };
>log { source(s_sys); filter(f_filter4); destination(d_mail); };
>log { source(s_sys); filter(f_filter5); destination(d_mlal); };
>log { source(s_sys); filter(f_filter6); destination(d_spol); };
>
>
>The syslog.conf from my HPUX box has the following line added
>*.info;mail.none @central-syslog-server
>
>I figure its got something to do with filters, but I dont know where to
>start. Basically I want everything logged and then I'll start deciding what
>to filter out.
Maybe there are messages sent on facilities which aren't mentioned in your
filters (like local1..7), try putting a
"catch-everything-which-hasnt-been-logged-yet" rule somewhere in there.
In 1.5.* it's something like
log { source(s_sys); destination(leftover); flags(fallback); };
unfortunately i can't remember the syntax for 1.4.* anymore.
You should also use something like "*.* @central-syslog-server" on the
syslogd's if you really want all messages from the hpux'n.
mfg/best regards
--
Michael Renner
Junior System Engineer
Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699