[syslog-ng]can't figure out how to convert syslog.conf entry
to syslog-ng
Wolfgang Braun
syslog-ng@lists.balabit.hu
Mon, 27 Dec 2004 19:10:16 +0100
Am Mo, den 27.12.2004 schrieb Philip J. Hollenback um 15:02:
> I have the following syslog.conf entry on my linux server:
>
[...]
> filter f_2 { not facility(mail); };
> filter f_3 { facility(mail) and level(err..emerg); };
[...]
> log {
> source(local);
> filter(f_1); filter(f_2); filter(f_3); filter(f_4);
> filter(f_5); filter(f_6); filter(f_7); filter(f_8);
> filter(f_9);
> destination(d_mesg);
> };
The message from source has to match ALL filters (AND'd together)
to be logged to destination. That's atleast what I read from chapter 2
(log paths) of the reference manual.
>
> Problem: this doesn't work; the above syslog-ng.conf entry doesn't
> send any messages to /var/log/messages.
(facility(mail)) AND (not facility(mail))= {}
[...]
>
> I've narrowed it down to something with the compound filter
> statements. If I remove f_3, f_6, and f_8, the entry starts working.
You could perhaps define a log{} statement for each filter rule.
> Thanks,
> P.
HTH
Wolfgang
--
Wolfgang Braun <wolfgang.braun@gmx.de>, Dipl. Inform. (FH)
gpg-key: 1024D/4B32CE55