[syslog-ng] Updated Red Hat config file

Balazs Scheidler bazsi@balabit.hu
Wed, 21 Aug 2002 13:43:51 +0200

On Sat, Aug 10, 2002 at 10:00:49PM +1000, Frank Crawford wrote:
> Folks,
> 	I've modified the contributed configuration file for Red Hat to
> update it to be more compatible with Red Hat 7.3.  In particular, I've
> modified it to totally remove the requirement for running klogd (as
> described in the FAQ).
> 	In particular, I've added a template to include the program type
> "kernel:" for kernel messages.  This is normally done by klogd, and is
> expected by such utilities as logwatch.  The one question I have here is
> that I have two opens of "/var/log/messages" with different options, and
> I'm not sure if it is legal, although it does seem to work.  Are there
> any possible problems with this?

Yes, there are. You should use the log_prefix option for file sources. (I
know it's undocumented):

source s_kern { file("/proc/kmsg" log_prefix("kernel: ")); };

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1