[syslog-ng] syslog-ng 1.4.17 / cron messages / RH 7.3

Tim Sheets syslog-ng@lists.balabit.hu
Thu, 06 Mar 2003 20:26:03 -0600


Hello group,

I have just installed syslog-ng 1.4.17 and am playing with it on RH 7.3.

Initially I was getting crond messages in my logs (I was attempting to send 
them to a separate cron log file), but they were ending up in both 
/var/log/cron as well as the standard /var/log/messages files.  I tried to 
change the filter (I hadn't matched the case, etc...) thinking that may 
help.  The messages stopped going to both places.  I have tried various 
things like changing it back, re-organizing the filter/log statements 
(grasping at straws), and adding a log entry for filter(DEFAULT), but I still 
can't seem to get them to come back.

Here is my conf file:

options { sync(0); chain_hostnames(no); dir_perm(0755); perm(0644); 
time_reopen(10); log_fifo_size(1000); long_hostnames(off); use__dns(yes); 
use_fqdn(yes); create_dirs(yes); keep_hostname(yes); };

source s_sys { unix-stream("/dev/log"); internal(); udp(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_hosts { file("/var/syslog/hosts/$YEAR/$MONTH/$HOST" 
owner(root) group(root) perm(0644) dir_perm(0700) create_dirs(yes)); };
destination d_mlal { usertty("*"); };
destination d_cron { file("/var/log/cron"); };

filter f_auth     { facility(authpriv); };
filter f_cron        { facility(CROND) or facility(cron); };
filter f_mail     { facility(mail); };
filter f_emergency     { level(emerg); };
filter f_spooler     { facility(uucp) or (facility(news) and level(crit)); 
};
filter f_boot        { facility(local7); };
filter f_hosts       { facility(local3) or facility(local4); };
# filter f_mesg     { level(info) or facility(mail) or facility(authpriv) or facility(user) and not facility(cron); };

log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_cron); destination(d_cron); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_spooler); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_hosts); destination(d_hosts); };
# log { source(s_sys); filter(f_mesg); destination(d_mesg); };
log { source(s_sys); filter(DEFAULT); destination(d_mesg); };

Here is a sample of the /var/log/cron file that has a couple of the messages 
that aren't showing up:

Mar  6 15:10:00 chumly CROND[6213]: (root) CMD (/home/mrtg/run-rrd-cfgs)
Mar  6 15:15:00 chumly CROND[6232]: (root) CMD (/home/mrtg/run-rrd-cfgs)

I have implemented the init.d file that is included in the contrib 
directory, and between config file changes, used service syslog-ng restart 
to kick it into re-reading the new conf file.

Any ideas what I am doing wrong, or where to start looking?  I am relatively 
new to the whole Linux world, but trying very hard to get a handle on 
things. :-)

Any help is appreciated.

Tim
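
Added example, not part of the original post and not syslog-ng code: a small Python decoder showing how the priority value of a BSD syslog frame splits into the facility and level that facility() and level() tests compare against, as distinct from the program tag (CROND in the sample lines above). The <78> and <86> prefixes, the sshd line and the helper names are assumptions constructed for the illustration.

```python
import re

# Facility keywords by code (BSD syslog, RFC 3164); 12-15 have no common keyword.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + ["facility%d" % n for n in range(12, 16)]
              + ["local%d" % n for n in range(8)])
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host program[pid]: text
FRAME = re.compile(r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
                   r"([^\[:\s]+)(?:\[(\d+)\])?: (.*)")

# Constructed frames: the first reuses the post's sample line; the <78> prefix
# (cron.info) is an assumption about what crond writes to /dev/log.
SAMPLES = [
    "<78>Mar  6 15:10:00 chumly CROND[6213]: (root) CMD (/home/mrtg/run-rrd-cfgs)",
    "<86>Mar  6 15:10:02 chumly sshd[6220]: session opened for user root",
]

def parse(frame):
    m = FRAME.fullmatch(frame)
    if m is None:
        raise ValueError("not a BSD syslog frame: %r" % frame)
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority
        raise ValueError("PRI out of range: %d" % pri)
    return {"facility": FACILITIES[pri >> 3], "level": LEVELS[pri & 7],
            "host": m.group(3), "program": m.group(4), "pid": m.group(5),
            "text": m.group(6)}

def facility_is(msg, *names):
    # A facility test compares against the decoded keyword, never the tag.
    # Rejecting unknown keywords is this example's choice.
    unknown = [n for n in names if n not in FACILITIES]
    if unknown:
        raise ValueError("not a syslog facility: " + ", ".join(unknown))
    return msg["facility"] in names

def program_is(msg, name):
    # The program tag is the word before "[pid]:", e.g. CROND.
    return msg["program"] == name

if __name__ == "__main__":
    for frame in SAMPLES:
        print("%(facility)s.%(level)s program=%(program)s pid=%(pid)s" % parse(frame))
```
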
