[syslog-ng]Config ?

Jack Sasportas jack@innovativeinternet.com
Mon, 21 Oct 2002 10:03:53 -0400


I used a much older version of syslog-ng previously, but the newer
version is a little different, so I just want to confirm a couple of
things.

1. If I install the RPM under redhat 7.2 what do I need to do to
basically insure that the old syslog isn't going to kick in etc.

2. I want to split any pop activity from maillog into poplog, so I
configured what I thought would work, and it does most of the time, but
there are times when I pop the server, and there is no long entry.  Here

is my entire config.

Any help appreciated.... THANKS

-------- Config File ----------
# This file should be compatible with the out-of-the-box
# /etc/syslog.conf on Red Hat Linux

# global options
#
options { use_dns(yes);
          use_fqdn(no);
          use_time_recvd(no);
          chain_hostnames(no);
          mark(0);
          sync(0);
};

source s_local { internal();
                 unix-stream("/dev/log" keep-alive(yes)
max-connections(10));
                 file("/proc/kmsg");
};



# facility filters
#
# Jack filter f_authpriv { facility(authpriv); };
filter f_authpriv { facility(authpriv) and not program("popper"); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
filter f_kern { facility(kern); };
# Jack filter f_mail { facility(mail); };
filter f_mail { facility(mail) and not program("popper"); };
filter f_messages { priority(info..emerg)
                    and not facility(mail, news, authpriv, cron, local1,

                    local2, local3, local4, local5, local6);
};

# Jack
filter f_news { facility(news); };

# priority filters
#
filter f_crit { priority(crit..emerg); };
filter f_crit_only { priority(crit); };
filter f_emerg { priority(emerg); };
filter f_err { priority(err..emerg); };
filter f_err_only { priority(err); };
filter f_info { priority(info..emerg); };
filter f_notice { priority(notice..emerg); };
filter f_warn { priority(warning..emerg); };

# Jack
filter f_pop { program(popper); };


destination d_all { usertty("*"); };
destination d_boot { file("/var/log/bootlog"); };
destination d_console { file("/dev/console"); };
destination d_cron { file("/var/log/cron"); };
destination d_mail { file("/var/log/maillog"); };
destination d_messages { file("/var/log/messages"); };
# Jack
destination d_news_crit { file("/var/log/news/news.crit"); };
destination d_news_err { file("/var/log/news/news.err"); };
destination d_news_notice { file("/var/log/news/news.notice"); };
destination d_secure { file("/var/log/secure"); };
destination d_spooler { file("/var/log/spooler"); };

# Jack
destination d_pop { file("/var/log/poplog"); };


# Everybody gets emergency messages
log { source(s_local); filter(f_emerg); destination(d_all); };

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
log { source(s_local); filter(f_messages); destination(d_messages); };

# The authpriv file has restricted access.
log { source(s_local); filter(f_authpriv); destination(d_secure); };


# Jack Log all the pop mail messages.
log { source(s_local); filter(f_pop); destination(d_pop); };


# Log all the mail messages in one place.
log { source(s_local); filter(f_mail); destination(d_mail); };

# Log cron stuff
log { source(s_local); filter(f_cron); destination(d_cron); };

# Save boot messages also to boot.log
log { source(s_local); filter(f_boot); destination(d_boot); };

#
# INN
#
log { source(s_local);
      filter(f_news); filter(f_crit_only);
      destination(d_news_crit);
};
log { source(s_local);
      filter(f_news); filter(f_err_only);
      destination(d_news_err);
};
log { source(s_local);
      filter(f_news); filter(f_notice);
      destination(d_news_notice);
};

-------- Config File ----------

Thanks

Jack