[syslog-ng]Strange behaviour with kernel log

Zumeo syslog-ng@lists.balabit.hu
Thu, 26 Jun 2003 14:37:19 +0000


Hi,

I've downloaded latest syslog-ng and installed it on my box (Mandrake 9.0).

Here is my syslog-ng.conf :

---8<---
### Options ###
options {
    dir_perm(0755);
    perm(0644); 
    chain_hostnames(no);
    keep_hostname(yes);
};

### Sources ###
source local {
    unix-stream("/dev/log");
    pipe("/proc/kmsg" log_prefix("kernel: "));
    udp(ip(127.0.0.1) port(514));
    internal();
};

### Destinations ###
destination authlog  { file("/var/log/auth.log"); };
destination syslog   { file("/var/log/syslog"); };
destination cron     { file("/var/log/cron.log"); };
destination daemon   { file("/var/log/daemon.log"); };
destination kern     { file("/var/log/kern.log"); };
destination user     { file("/var/log/user.log"); };

destination mail     { file("/var/log/mail/log"); };
destination mailinfo { file("/var/log/mail/info"); };
destination mailwarn { file("/var/log/mail/warnings"); };
destination mailerr  { file("/var/log/mail/err"); };

destination debug    { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };

destination boot     { file("/var/log/boot.log"); };
destination explanations { file("/var/log/explanations"); };

### Filters ###
filter f_auth   { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv, mail); };
filter f_cron   { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern   { facility(kern); };
filter f_user   { facility(user); };
filter f_mail   { facility(mail); };

filter f_debug  { not facility(auth, authpriv, mail); };
filter f_messages { level(info .. warn) and
    not facility(auth, authpriv, cron, daemon, mail); };

filter f_info   { level(info); };
filter f_warn   { level(warn); };
filter f_err    { level(err); };

filter f_boot   { facility(local7); };
filter f_explanations { facility(local1); };

### Logs ###
log { source(local); filter(f_auth); destination(authlog); };
log { source(local); filter(f_syslog); destination(syslog); };
log { source(local); filter(f_cron); destination(cron); };
log { source(local); filter(f_daemon); destination(daemon); };
log { source(local); filter(f_kern); destination(kern); };
log { source(local); filter(f_user); destination(user); };
log { source(local); filter(f_mail); destination(mail); };
log { source(local); filter(f_mail); filter(f_info); destination mailinfo);
};
log { source(local); filter(f_mail); filter(f_warn); destination(mailwarn);
};
log { source(local); filter(f_mail); filter(f_err); destination(mailerr);
};
log { source(local); filter(f_debug); destination(debug); };
log { source(local); filter(f_messages); destination(messages); };
log { source(local); filter(f_boot); destination(boot); };
log { source(local); filter(f_explanations); destination(explanations); };
--->8---

To try my syslog-ng.conf, I used logger :

# logger -p kern.info "test kern.info 1"

Then I checked kern.log and saw nothing. The "test kern.info 1" was in
user.log !

Can someone explain me this strange behaviour ?

--zumeo

________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com