[syslog-ng]Some missunderstanding in filter

Nate Campi nate@campin.net
Tue, 18 Jun 2002 23:40:11 -0700

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 19, 2002 at 12:58:30PM +0700, Serge Leschinsky wrote:
> My problem is following:
> the log from MTA comes to /var/log/messages. So I have duplicate MTA
> log in mail.log and messages.
>  As far as I understand the problem point is in following filters:
> > filter f_messages { level(info, emerg, debug, notice, warn, crit, err);=
> >log { source(src); filter(f_messages); destination(messages); };
> There was an attempt to "log anything (except mail) of level info or
> higher". But mail is logging to /var/log/messages anyway. How should I
> modify the filters for resolving this?

Most mail logs come in at mail.info and mail.debug. Your filter catches=20
all *.info and *.debug.

You need a filter more like:

filter f_messages { level(info .. warn)
        and not facility(auth, authpriv, cron, daemon, mail, news); };

Like medieval peasants, computer manufacturers and millions of users
are locked in a seemingly eternal lease with their evil landlord, who
comes around every two years to collect billions of dollars of taxes
in return for mediocre services. --Mark Harris, Electronics Times=20

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org