[syslog-ng]can't figure out how to convert syslog.conf entry to syslog-ng
Philip J. Hollenback
syslog-ng@lists.balabit.hu
Mon, 27 Dec 2004 09:02:11 -0500
I have the following syslog.conf entry on my linux server:
*.info;mail.none;mail.err;authpriv.none;auth.none;auth.warning;cron.none;cron.warning;local0.none /var/log/messages
The syslog2ng script converts it to this:
destination d_mesg { file("/var/log/messages"); };
filter f_1 { level(info..emerg); };
filter f_2 { not facility(mail); };
filter f_3 { facility(mail) and level(err..emerg); };
filter f_4 { not facility(authpriv); };
filter f_5 { not facility(auth); };
filter f_6 { facility(auth) and level(warning..emerg); };
filter f_7 { not facility(cron); };
filter f_8 { facility(cron) and level(warning..emerg); };
filter f_9 { not facility(local0); };
log {
source(local);
filter(f_1); filter(f_2); filter(f_3); filter(f_4);
filter(f_5); filter(f_6); filter(f_7); filter(f_8);
filter(f_9);
destination(d_mesg);
};
Problem: this doesn't work; the above syslog-ng.conf entry doesn't
send any messages to /var/log/messages. I know syslog-ng is working
because other entries in the config file do catch messages as they
should.
I've narrowed it down to something with the compound filter
statements. If I remove f_3, f_6, and f_8, the entry starts working.
Works correctly on regular syslog.
syslog-ng version 1.6.5.
Thanks,
P.
--
Philip J. Hollenback
Telemetry Investments
phollenback@telemetry-investments.com