[syslog-ng]syslog-ng 1.4.17 / cron messages / RH 7.3

Richard E. Perlotto II syslog-ng@lists.balabit.hu
Wed, 19 Mar 2003 09:02:56 -0800


facility(CROND) is not a valid facility.  You should be using facility(cron).
Take a look at:  http://www.campin.net/syslog-ng/expanded-syslog-ng.conf for a lot more details.



Richard

> -----Original Message-----
> From: syslog-ng-admin@lists.balabit.hu 
> [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Tim Sheets
> Sent: Thursday, March 06, 2003 6:26 PM
> To: syslog-ng@lists.balabit.hu
> Subject: [syslog-ng]syslog-ng 1.4.17 / cron messages / RH 7.3
> 
> 
> Hello group,
> 
> I have just installed syslog-ng 1.4.17 and am playing with it on RH 7.3.
> 
> Initially I was getting crond messages in my logs (was attempting to send
> them to a separate cron log file), but they were ending up in both
> /var/log/cron as well as the standard /var/log/messages files.  I tried to
> change the filter (I hadn't matched the case, etc...) thinking that may
> help.  The messages stopped going to both places.  I have tried various
> things like changing it back, re-organizing the filter/log statements
> (grasping at straws), and added a log entry for filter(DEFAULT), but I still
> can't seem to get them to come back.
> 
> Here is my conf file:
> 
> options { sync(0); chain_hostnames(no); dir_perm(0755); perm(0644);
>   time_reopen(10); log_fifo_size(1000); long_hostnames(off); use__dns(yes);
>   use_fqdn(yes); create_dirs(yes); keep_hostname(yes); };
> 
> source s_sys { unix-stream("/dev/log"); internal(); udp(); };
> 
> destination d_cons { file("/dev/console"); };
> destination d_mesg { file("/var/log/messages"); };
> destination d_auth { file("/var/log/secure"); };
> destination d_mail { file("/var/log/maillog"); };
> destination d_spol { file("/var/log/spooler"); };
> destination d_boot { file("/var/log/boot.log"); };
> destination d_hosts { file("/var/syslog/hosts/$YEAR/$MONTH/$HOST"
>   owner(root) group(root) perm(0644) dir_perm(0700) create_dirs(yes)); };
> destination d_mlal { usertty("*"); };
> destination d_cron { file("/var/log/cron"); };
> 
> filter f_auth     { facility(authpriv); };
> filter f_cron        { facility(CROND) or facility(cron); };
> filter f_mail     { facility(mail); };
> filter f_emergency     { level(emerg); };
> filter f_spooler     { facility(uucp) or (facility(news) and level(crit)); };
> filter f_boot        { facility(local7); };
> filter f_hosts       { facility(local3) or facility(local4); };
> # filter f_mesg     { level(info) or facility(mail) or facility(authpriv) or facility(user) and not facility(cron); };
> 
> log { source(s_sys); filter(f_auth); destination(d_auth); }; 
> log { source(s_sys); filter(f_cron); destination(d_cron); }; 
> log { source(s_sys); filter(f_mail); destination(d_mail); }; 
> log { source(s_sys); filter(f_emergency); destination(d_mlal); };
> log { source(s_sys); filter(f_spooler); destination(d_spol); };
> log { source(s_sys); filter(f_boot); destination(d_boot); };
> log { source(s_sys); filter(f_hosts); destination(d_hosts); };
> # log { source(s_sys); filter(f_mesg); destination(d_mesg); };
> log { source(s_sys); filter(DEFAULT); destination(d_mesg); };
> 
> Here is a sample of the /var/log/cron file that has a couple of the messages
> that aren't showing up:
> 
> Mar  6 15:10:00 chumly CROND[6213]: (root) CMD (/home/mrtg/run-rrd-cfgs)
> Mar  6 15:15:00 chumly CROND[6232]: (root) CMD (/home/mrtg/run-rrd-cfgs)
> 
> I have implemented the init.d file that is included in the contrib
> directory, and between config file changes, used service syslog-ng restart
> to kick it into re-reading the new conf file.
> 
> Any ideas what I am doing wrong, or where to start looking?  I am relatively
> new to the whole linux world, but trying very hard to get a handle on
> things. :-)
> 
> Any help is appreciated.
> 
> Tim
>
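
Added example (not part of the original thread and not syslog-ng's own code): a small Python check that lists facility() arguments in filter statements that are not standard syslog facility names, which is the error pointed out in the reply for f_cron. It assumes syslog-ng accepts exactly the <syslog.h> facility names, compared case-sensitively; invalid_facilities, strip_comments and SAMPLE_CONF are names made up for this example.

```python
import re

# Standard syslog facility names (from <syslog.h>). Assumption: this is the
# set syslog-ng's facility() filter accepts, compared case-sensitively.
VALID_FACILITIES = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp",
    *(f"local{n}" for n in range(8)),
}

# "filter <name> { ... };" definitions; filter(<name>) references inside
# log statements are not matched because no whitespace follows "filter".
FILTER_RE = re.compile(r"filter\s+(\w+)\s*\{(.*?)\}\s*;", re.S)
FACILITY_RE = re.compile(r"facility\s*\(([^)]*)\)")


def strip_comments(conf):
    """Drop '#' comments, leaving double-quoted strings untouched."""
    pattern = re.compile(r'("[^"]*")|#[^\n]*')
    return pattern.sub(lambda m: m.group(1) or "", conf)


def invalid_facilities(conf):
    """Return sorted (filter_name, facility) pairs with unknown facility names."""
    bad = set()
    for name, body in FILTER_RE.findall(strip_comments(conf)):
        for args in FACILITY_RE.findall(body):
            for fac in (a.strip() for a in args.split(",")):
                if fac and fac not in VALID_FACILITIES:
                    bad.add((name, fac))
    return sorted(bad)


# Constructed sample based on filter lines from the configuration quoted
# above; the commented-out line is added to show that comments are skipped.
SAMPLE_CONF = """
filter f_auth  { facility(authpriv); };
filter f_cron  { facility(CROND) or facility(cron); };
filter f_hosts { facility(local3) or facility(local4); };
# filter f_old { facility(bogus); };
"""

if __name__ == "__main__":
    for filt, fac in invalid_facilities(SAMPLE_CONF):
        print(f"filter {filt}: facility({fac}) is not a syslog facility name")
```

In the quoted /var/log/cron sample, CROND appears as the program name in the message tag, while the facility those messages are filed under is cron.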