[syslog-ng]Config ?
Jack Sasportas
jack@innovativeinternet.com
Mon, 21 Oct 2002 10:03:53 -0400
I used a much older version of syslog-ng previously, but the newer
version is a little different, so I just want to confirm a couple of
things.
1. If I install the RPM under Red Hat 7.2, what do I need to do to
basically ensure that the old syslog isn't going to kick in etc.
2. I want to split any pop activity from maillog into poplog, so I
configured what I thought would work, and it does most of the time, but
there are times when I pop the server, and there is no log entry. Here
is my entire config.
Any help appreciated.... THANKS
-------- Config File ----------
# This file should be compatible with the out-of-the-box
# /etc/syslog.conf on Red Hat Linux
# global options
#
options { use_dns(yes);
          use_fqdn(no);
          use_time_recvd(no);
          chain_hostnames(no);
          mark(0);
          sync(0);
        };
source s_local { internal();
                 unix-stream("/dev/log" keep-alive(yes)
                             max-connections(10));
                 file("/proc/kmsg");
               };
# facility filters
#
# Jack filter f_authpriv { facility(authpriv); };
filter f_authpriv { facility(authpriv) and not program("popper"); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
filter f_kern { facility(kern); };
# Jack filter f_mail { facility(mail); };
filter f_mail { facility(mail) and not program("popper"); };
filter f_messages { priority(info..emerg)
                    and not facility(mail, news, authpriv, cron, local1,
                                     local2, local3, local4, local5, local6);
                  };
# Jack
filter f_news { facility(news); };
# priority filters
#
filter f_crit { priority(crit..emerg); };
filter f_crit_only { priority(crit); };
filter f_emerg { priority(emerg); };
filter f_err { priority(err..emerg); };
filter f_err_only { priority(err); };
filter f_info { priority(info..emerg); };
filter f_notice { priority(notice..emerg); };
filter f_warn { priority(warning..emerg); };
# Jack
filter f_pop { program(popper); };
destination d_all { usertty("*"); };
destination d_boot { file("/var/log/bootlog"); };
destination d_console { file("/dev/console"); };
destination d_cron { file("/var/log/cron"); };
destination d_mail { file("/var/log/maillog"); };
destination d_messages { file("/var/log/messages"); };
# Jack
destination d_news_crit { file("/var/log/news/news.crit"); };
destination d_news_err { file("/var/log/news/news.err"); };
destination d_news_notice { file("/var/log/news/news.notice"); };
destination d_secure { file("/var/log/secure"); };
destination d_spooler { file("/var/log/spooler"); };
# Jack
destination d_pop { file("/var/log/poplog"); };
# Everybody gets emergency messages
log { source(s_local); filter(f_emerg); destination(d_all); };
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
log { source(s_local); filter(f_messages); destination(d_messages); };
# The authpriv file has restricted access.
log { source(s_local); filter(f_authpriv); destination(d_secure); };
# Jack Log all the pop mail messages.
log { source(s_local); filter(f_pop); destination(d_pop); };
# Log all the mail messages in one place.
log { source(s_local); filter(f_mail); destination(d_mail); };
# Log cron stuff
log { source(s_local); filter(f_cron); destination(d_cron); };
# Save boot messages also to boot.log
log { source(s_local); filter(f_boot); destination(d_boot); };
#
# INN
#
log { source(s_local);
      filter(f_news); filter(f_crit_only);
      destination(d_news_crit);
    };
log { source(s_local);
      filter(f_news); filter(f_err_only);
      destination(d_news_err);
    };
log { source(s_local);
      filter(f_news); filter(f_notice);
      destination(d_news_notice);
    };
-------- Config File ----------
Thanks
Jack
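
Added example, not part of the original post: a small Python model of the posted filters and log statements, for checking which destinations a message with a given facility, priority and program name reaches. It assumes program() is an unanchored regular-expression match on the program name and that every log statement is evaluated independently; the sample messages are constructed, `pop3d` is a hypothetical daemon name, and the INN paths are left out.

```python
import re

# syslog severities, most severe first (the order priority(a..b) ranges use).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def prio(lo, hi=None):
    """priority(lo..hi) as a set of level names; priority(x) when hi is None."""
    hi = hi or lo
    return set(LEVELS[LEVELS.index(hi):LEVELS.index(lo) + 1])

def prog(pattern, msg):
    # Assumption: program() is an unanchored regex match on the program name.
    return re.search(pattern, msg["program"]) is not None

NOT_MESSAGES = {"mail", "news", "authpriv", "cron",
                "local1", "local2", "local3", "local4", "local5", "local6"}

# Filters transcribed from the posted config.
FILTERS = {
    "f_emerg": lambda m: m["priority"] in prio("emerg"),
    "f_messages": lambda m: (m["priority"] in prio("info", "emerg")
                             and m["facility"] not in NOT_MESSAGES),
    "f_authpriv": lambda m: m["facility"] == "authpriv" and not prog("popper", m),
    "f_pop": lambda m: prog("popper", m),
    "f_mail": lambda m: m["facility"] == "mail" and not prog("popper", m),
    "f_cron": lambda m: m["facility"] == "cron",
    "f_boot": lambda m: m["facility"] == "local7",
}

# log statements in file order: (filter, destination).
LOG_PATHS = [("f_emerg", "d_all"), ("f_messages", "d_messages"),
             ("f_authpriv", "d_secure"), ("f_pop", "d_pop"),
             ("f_mail", "d_mail"), ("f_cron", "d_cron"), ("f_boot", "d_boot")]

def route(facility, priority, program):
    """Return every destination the message reaches (possibly none or several)."""
    msg = {"facility": facility, "priority": priority, "program": program}
    return [dest for flt, dest in LOG_PATHS if FILTERS[flt](msg)]

# Constructed sample messages: (facility, priority, program name).
SAMPLES = [
    ("mail", "info", "popper"),
    ("authpriv", "info", "popper(pam_unix)"),
    ("local0", "notice", "popper"),
    ("mail", "info", "pop3d"),      # hypothetical daemon name without "popper"
    ("local0", "debug", "crond"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-45s -> %s" % (s, ", ".join(route(*s)) or "(no destination)"))
```

Under these assumptions, a message only reaches d_pop when its program name contains "popper", and a popper message in a facility that f_messages does not exclude is written to both d_messages and d_pop.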