[syslog-ng]Some missunderstanding in filter
Nate Campi
nate@campin.net
Tue, 18 Jun 2002 23:40:11 -0700
--5I6of5zJg18YgZEa
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jun 19, 2002 at 12:58:30PM +0700, Serge Leschinsky wrote:
>=20
> My problem is following:
> the log from MTA comes to /var/log/messages. So I have duplicate MTA
> log in mail.log and messages.
> As far as I understand the problem point is in following filters:
> > filter f_messages { level(info, emerg, debug, notice, warn, crit, err);=
};
> >log { source(src); filter(f_messages); destination(messages); };
>=20
> There was an attempt to "log anything (except mail) of level info or
> higher". But mail is logging to /var/log/messages anyway. How should I
> modify the filters for resolving this?
Most mail logs come in at mail.info and mail.debug. Your filter catches=20
all *.info and *.debug.
You need a filter more like:
filter f_messages { level(info .. warn)
and not facility(auth, authpriv, cron, daemon, mail, news); };
--=20
Like medieval peasants, computer manufacturers and millions of users
are locked in a seemingly eternal lease with their evil landlord, who
comes around every two years to collect billions of dollars of taxes
in return for mediocre services. --Mark Harris, Electronics Times=20
--5I6of5zJg18YgZEa
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9ECdKWpDEZMF673kRAmHcAJ9aVdtoL3cgQ8N5tjUkdm7JUO5hogCfc30F
xZfWK7wvCF/gxjE4GbgDUGI=
=y3FS
-----END PGP SIGNATURE-----
--5I6of5zJg18YgZEa--