[syslog-ng]syslog duplicate entries

Dylan Bouterse syslog-ng@lists.balabit.hu
Tue, 24 Feb 2004 14:02:48 -0500


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3FB08.CB0246A0
Content-Type: text/plain;
	charset="iso-8859-1"

Should I be able to remove all of the destination lines following std and
still get the localhost's log information to it's host directory based on
the "destination std" line?
 
Dylan

-----Original Message-----
From: Hamilton Andrew [mailto:Andrew.Hamilton@afccc.af.mil]
Sent: Tuesday, February 24, 2004 12:33 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]syslog duplicate entries



Look at your filter, f_syslog, destination d_syslog, and your log line that
includes d_syslog.  Your filter f_syslog includes everything except
facilities auth, and authpriv.  If you are confident that you don't need
your syslog line you can comment that out as well to keep you from getting
duplicates in you /var/log/syslog file.

Regards, 

Drew 

-----Original Message----- 
From: Dylan (FHMS) [ mailto:dhbouterse@fhmsi.com
<mailto:dhbouterse@fhmsi.com> ] 
Sent: Tuesday, February 24, 2004 12:25 PM 
To: 'syslog-ng@lists.balabit.hu' 
Subject: [syslog-ng]syslog duplicate entries 


I have my syslog-ng setup so that external syslog hosts are creating their 
own dir and log file (see conf file below). One problem I'm having is that 
all of the hosts' logs are being written to /var/log/syslog as 
well...creating a 6Gig file or larger per week. Can someone please point out

what I can change with my conf file to eliminate the duplicate entries? 
Thank you! 

Dylan 

############################################# 
### syslog-ng.conf file 
############################################# 

options 
  { 
    check_hostname(yes); 
    chain_hostnames(no); 
    create_dirs (yes); 
    dir_perm(0755); 
    dns_cache(yes); 
    keep_hostname(yes); 
    log_fifo_size(2048); 
    log_msg_size(8192); 
    long_hostnames(on); 
    perm(0644); 
    stats(3600); 
    sync(0); 
    time_reopen (10); 
    use_dns(yes); 
    use_fqdn(no); 
  }; 
# 
# This is the default behavior of sysklogd package 
# Logs may come from unix stream, but not from another machine. 
# 
#source src { unix-dgram("/dev/log"); internal(); }; 

# 
# If you wish to get logs from remote machine you should uncomment 
# this and comment the above source line. 
# 
source src { unix-dgram("/dev/log"); internal(); udp(); tcp(port(514) 
keep-alive(yes) max-connections(25));}; 

destination std { 
# 
file("/var/log/HOSTS/$YEAR/$HOST/$MONTH/$FACILITY_$HOST_$YEAR_$MONTH_$DAY" 
        file("/var/log/HOSTS/$HOST/$HOST.syslog" 

        owner(nagios) group(nagios) perm(0600) dir_perm(0700) 
create_dirs(yes) 
        ); 
}; 

# After that set destinations. 

# First some standard logfile 
# 
destination authlog { file("/var/log/auth.log" owner("root") group("adm") 
perm(0640)); }; 
destination syslog { file("/var/log/syslog" owner("root") group("adm") 
perm(0640)); }; 
destination cron { file("/var/log/cron.log" owner("root") group("adm") 
perm(0640)); }; 
destination daemon { file("/var/log/daemon.log" owner("root") group("adm") 
perm(0640)); }; 
destination kern { file("/var/log/kern.log" owner("root") group("adm") 
perm(0640)); }; 
destination lpr { file("/var/log/lpr.log" owner("root") group("adm") 
perm(0640)); }; 
destination mail { file("/var/log/mail.log" owner("root") group("adm") 
perm(0640)); }; 
destination user { file("/var/log/user.log" owner("root") group("adm") 
perm(0640)); }; 
destination uucp { file("/var/log/uucp.log" owner("root") group("adm") 
perm(0640)); }; 


# This files are the log come from the mail subsystem. 
# 
destination mailinfo { file("/var/log/mail.info" owner("root") group("adm") 
perm(0640)); }; 
destination mailwarn { file("/var/log/mail.warn" owner("root") group("adm") 
perm(0640)); }; 
destination mailerr { file("/var/log/mail.err" owner("root") group("adm") 
perm(0640)); }; 

# Logging for INN news system 
# 
destination newscrit { file("/var/log/news/news.crit" owner("root") 
group("adm") 
perm(0640)); }; 
destination newserr { file("/var/log/news/news.err" owner("root") 
group("adm") 
perm(0640)); }; 
destination newsnotice { file("/var/log/news/news.notice" owner("root") 
group("adm") perm(0640)); }; 

# Some `catch-all' logfiles. 
# 
#destination debug { file("/var/log/debug" owner("root") group("adm") 
#perm(0640)); }; 
#destination messages { file("/var/log/messages" owner("root") group("adm") 
#perm(0640)); }; 

# The root's console. 
# 
destination console { usertty("root"); }; 

# Virtual console. 
# 
destination console_all { file("/dev/tty8"); }; 

# The named pipe /dev/xconsole is for the nsole' utility.  To use it, 
# you must invoke nsole' with the -file' option: 
# 
#    $ xconsole -file /dev/xconsole [...] 
# 
#destination xconsole { pipe("/dev/xconsole"); }; 

destination ppp { file("/var/log/ppp.log" owner("root") group("adm") 
perm(0640)); }; 

# Here's come the filter options. With this rules, we can set which 
# message go where. 

filter f_authpriv { facility(auth, authpriv); }; 
filter f_syslog { not facility(auth, authpriv); }; 
filter f_cron { facility(cron); }; 
filter f_daemon { facility(daemon); }; 
filter f_kern { facility(kern); }; 
filter f_lpr { facility(lpr); }; 
filter f_mail { facility(mail); }; 
filter f_user { facility(user); }; 
filter f_uucp { facility(uucp); }; 

filter f_news { facility(news); }; 

filter f_debug { not facility(auth, authpriv, news, mail); }; 
filter f_messages { level(info .. warn) 
        and not facility(auth, authpriv, cron, daemon, mail, news); }; 
filter f_emergency { level(emerg); }; 

filter f_info { level(info); }; 
filter f_notice { level(notice); }; 
filter f_warn { level(warn); }; 
filter f_crit { level(crit); }; 
filter f_err { level(err); }; 

filter f_cnews { level(notice, err, crit) and facility(news); }; 
filter f_cother { level(debug, info, notice, warn) or facility(daemon, 
mail); 
}; 

filter ppp { facility(local2); }; 

log { source(src); filter(f_authpriv); destination(authlog); }; 
log { source(src); filter(f_syslog); destination(syslog); }; 
#log { source(src); filter(f_cron); destination(cron); }; 
log { source(src); filter(f_daemon); destination(daemon); }; 
log { source(src); filter(f_kern); destination(kern); }; 
log { source(src); filter(f_lpr); destination(lpr); }; 
log { source(src); filter(f_mail); destination(mail); }; 
log { source(src); filter(f_user); destination(user); }; 
log { source(src); filter(f_uucp); destination(uucp); }; 
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; 
log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };

log { source(src); filter(f_news); filter(f_err); destination(newserr); }; 
log { source(src); filter(f_news); filter(f_notice); 
destination(newsnotice); 
}; 
#log { source(src); filter(f_debug); destination(debug); }; 
#log { source(src); filter(f_messages); destination(messages); }; 
log { source(src); filter(f_emergency); destination(console); }; 

#log { source(src); filter(f_cnews); destination(console_all); }; 
#log { source(src); filter(f_cother); destination(console_all); }; 


####log { source(src); filter(f_cnews); destination(xconsole); }; 
###log { source(src); filter(f_cother); destination(xconsole); }; 

log { source(src); filter(ppp); destination(ppp); }; 

log { 
        source(src); 
        destination(std); 
}; 

_______________________________________________ 
syslog-ng maillist  -  syslog-ng@lists.balabit.hu 
https://lists.balabit.hu/mailman/listinfo/syslog-ng
<https://lists.balabit.hu/mailman/listinfo/syslog-ng>  
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
<http://www.campin.net/syslog-ng/faq.html>  


------_=_NextPart_001_01C3FB08.CB0246A0
Content-Type: text/html;
	charset="iso-8859-1"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>RE: [syslog-ng]syslog duplicate entries</TITLE>

<META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=167560119-24022004><FONT face=Arial color=#0000ff size=2>Should 
I be able to remove all of the destination lines following std and still get the 
localhost's log information to it's host directory based on the "destination 
std" line?</FONT></SPAN></DIV>
<DIV><SPAN class=167560119-24022004><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=167560119-24022004><FONT face=Arial color=#0000ff 
size=2>Dylan</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
  size=2>-----Original Message-----<BR><B>From:</B> Hamilton Andrew 
  [mailto:Andrew.Hamilton@afccc.af.mil]<BR><B>Sent:</B> Tuesday, February 24, 
  2004 12:33 PM<BR><B>To:</B> syslog-ng@lists.balabit.hu<BR><B>Subject:</B> RE: 
  [syslog-ng]syslog duplicate entries<BR><BR></FONT></DIV>
  <P><FONT size=2>Look at your filter, f_syslog, destination d_syslog, and your 
  log line that includes d_syslog.&nbsp; Your filter f_syslog includes 
  everything except facilities auth, and authpriv.&nbsp; If you are confident 
  that you don't need your syslog line you can comment that out as well to keep 
  you from getting duplicates in you /var/log/syslog file.</FONT></P>
  <P><FONT size=2>Regards,</FONT> </P>
  <P><FONT size=2>Drew</FONT> </P>
  <P><FONT size=2>-----Original Message-----</FONT> <BR><FONT size=2>From: Dylan 
  (FHMS) [<A 
  href="mailto:dhbouterse@fhmsi.com">mailto:dhbouterse@fhmsi.com</A>]</FONT> 
  <BR><FONT size=2>Sent: Tuesday, February 24, 2004 12:25 PM</FONT> <BR><FONT 
  size=2>To: 'syslog-ng@lists.balabit.hu'</FONT> <BR><FONT size=2>Subject: 
  [syslog-ng]syslog duplicate entries</FONT> </P><BR>
  <P><FONT size=2>I have my syslog-ng setup so that external syslog hosts are 
  creating their</FONT> <BR><FONT size=2>own dir and log file (see conf file 
  below). One problem I'm having is that</FONT> <BR><FONT size=2>all of the 
  hosts' logs are being written to /var/log/syslog as</FONT> <BR><FONT 
  size=2>well...creating a 6Gig file or larger per week. Can someone please 
  point out</FONT> <BR><FONT size=2>what I can change with my conf file to 
  eliminate the duplicate entries?</FONT> <BR><FONT size=2>Thank you!</FONT> 
</P>
  <P><FONT size=2>Dylan</FONT> </P>
  <P><FONT size=2>#############################################</FONT> <BR><FONT 
  size=2>### syslog-ng.conf file</FONT> <BR><FONT 
  size=2>#############################################</FONT> </P>
  <P><FONT size=2>options</FONT> <BR><FONT size=2>&nbsp; {</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; check_hostname(yes);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; chain_hostnames(no);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; create_dirs (yes);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; dir_perm(0755);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; dns_cache(yes);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; keep_hostname(yes);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; log_fifo_size(2048);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; log_msg_size(8192);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; long_hostnames(on);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; perm(0644);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; stats(3600);</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp; sync(0);</FONT> <BR><FONT size=2>&nbsp;&nbsp;&nbsp; 
  time_reopen (10);</FONT> <BR><FONT size=2>&nbsp;&nbsp;&nbsp; 
  use_dns(yes);</FONT> <BR><FONT size=2>&nbsp;&nbsp;&nbsp; use_fqdn(no);</FONT> 
  <BR><FONT size=2>&nbsp; };</FONT> <BR><FONT size=2>#</FONT> <BR><FONT size=2># 
  This is the default behavior of sysklogd package</FONT> <BR><FONT size=2># 
  Logs may come from unix stream, but not from another machine.</FONT> <BR><FONT 
  size=2>#</FONT> <BR><FONT size=2>#source src { unix-dgram("/dev/log"); 
  internal(); };</FONT> </P>
  <P><FONT size=2>#</FONT> <BR><FONT size=2># If you wish to get logs from 
  remote machine you should uncomment</FONT> <BR><FONT size=2># this and comment 
  the above source line.</FONT> <BR><FONT size=2>#</FONT> <BR><FONT 
  size=2>source src { unix-dgram("/dev/log"); internal(); udp(); 
  tcp(port(514)</FONT> <BR><FONT size=2>keep-alive(yes) 
  max-connections(25));};</FONT> </P>
  <P><FONT size=2>destination std {</FONT> <BR><FONT size=2>#</FONT> <BR><FONT 
  size=2>file("/var/log/HOSTS/$YEAR/$HOST/$MONTH/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"</FONT> 
  <BR><FONT size=2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  file("/var/log/HOSTS/$HOST/$HOST.syslog"</FONT> </P>
  <P><FONT size=2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; owner(nagios) 
  group(nagios) perm(0600) dir_perm(0700)</FONT> <BR><FONT 
  size=2>create_dirs(yes)</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; );</FONT> <BR><FONT 
  size=2>};</FONT> </P>
  <P><FONT size=2># After that set destinations.</FONT> </P>
  <P><FONT size=2># First some standard logfile</FONT> <BR><FONT size=2>#</FONT> 
  <BR><FONT size=2>destination authlog { file("/var/log/auth.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination syslog { file("/var/log/syslog" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination cron { file("/var/log/cron.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination daemon { file("/var/log/daemon.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination kern { file("/var/log/kern.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination lpr { file("/var/log/lpr.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination mail { file("/var/log/mail.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination user { file("/var/log/user.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination uucp { file("/var/log/uucp.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> </P><BR>
  <P><FONT size=2># This files are the log come from the mail subsystem.</FONT> 
  <BR><FONT size=2>#</FONT> <BR><FONT size=2>destination mailinfo { 
  file("/var/log/mail.info" owner("root") group("adm")</FONT> <BR><FONT 
  size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination mailwarn { 
  file("/var/log/mail.warn" owner("root") group("adm")</FONT> <BR><FONT 
  size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination mailerr { 
  file("/var/log/mail.err" owner("root") group("adm")</FONT> <BR><FONT 
  size=2>perm(0640)); };</FONT> </P>
  <P><FONT size=2># Logging for INN news system</FONT> <BR><FONT size=2>#</FONT> 
  <BR><FONT size=2>destination newscrit { file("/var/log/news/news.crit" 
  owner("root")</FONT> <BR><FONT size=2>group("adm")</FONT> <BR><FONT 
  size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination newserr { 
  file("/var/log/news/news.err" owner("root")</FONT> <BR><FONT 
  size=2>group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT 
  size=2>destination newsnotice { file("/var/log/news/news.notice" 
  owner("root")</FONT> <BR><FONT size=2>group("adm") perm(0640)); };</FONT> </P>
  <P><FONT size=2># Some `catch-all' logfiles.</FONT> <BR><FONT size=2>#</FONT> 
  <BR><FONT size=2>#destination debug { file("/var/log/debug" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>#perm(0640)); };</FONT> <BR><FONT 
  size=2>#destination messages { file("/var/log/messages" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>#perm(0640)); };</FONT> </P>
  <P><FONT size=2># The root's console.</FONT> <BR><FONT size=2>#</FONT> 
  <BR><FONT size=2>destination console { usertty("root"); };</FONT> </P>
  <P><FONT size=2># Virtual console.</FONT> <BR><FONT size=2>#</FONT> <BR><FONT 
  size=2>destination console_all { file("/dev/tty8"); };</FONT> </P>
  <P><FONT size=2># The named pipe /dev/xconsole is for the nsole' 
  utility.&nbsp; To use it,</FONT> <BR><FONT size=2># you must invoke nsole' 
  with the -file' option:</FONT> <BR><FONT size=2>#</FONT> <BR><FONT 
  size=2>#&nbsp;&nbsp;&nbsp; $ xconsole -file /dev/xconsole [...]</FONT> 
  <BR><FONT size=2>#</FONT> <BR><FONT size=2>#destination xconsole { 
  pipe("/dev/xconsole"); };</FONT> </P>
  <P><FONT size=2>destination ppp { file("/var/log/ppp.log" owner("root") 
  group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> </P>
  <P><FONT size=2># Here's come the filter options. With this rules, we can set 
  which</FONT> <BR><FONT size=2># message go where.</FONT> </P>
  <P><FONT size=2>filter f_authpriv { facility(auth, authpriv); };</FONT> 
  <BR><FONT size=2>filter f_syslog { not facility(auth, authpriv); };</FONT> 
  <BR><FONT size=2>filter f_cron { facility(cron); };</FONT> <BR><FONT 
  size=2>filter f_daemon { facility(daemon); };</FONT> <BR><FONT size=2>filter 
  f_kern { facility(kern); };</FONT> <BR><FONT size=2>filter f_lpr { 
  facility(lpr); };</FONT> <BR><FONT size=2>filter f_mail { facility(mail); 
  };</FONT> <BR><FONT size=2>filter f_user { facility(user); };</FONT> <BR><FONT 
  size=2>filter f_uucp { facility(uucp); };</FONT> </P>
  <P><FONT size=2>filter f_news { facility(news); };</FONT> </P>
  <P><FONT size=2>filter f_debug { not facility(auth, authpriv, news, mail); 
  };</FONT> <BR><FONT size=2>filter f_messages { level(info .. warn)</FONT> 
  <BR><FONT size=2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; and not 
  facility(auth, authpriv, cron, daemon, mail, news); };</FONT> <BR><FONT 
  size=2>filter f_emergency { level(emerg); };</FONT> </P>
  <P><FONT size=2>filter f_info { level(info); };</FONT> <BR><FONT size=2>filter 
  f_notice { level(notice); };</FONT> <BR><FONT size=2>filter f_warn { 
  level(warn); };</FONT> <BR><FONT size=2>filter f_crit { level(crit); };</FONT> 
  <BR><FONT size=2>filter f_err { level(err); };</FONT> </P>
  <P><FONT size=2>filter f_cnews { level(notice, err, crit) and facility(news); 
  };</FONT> <BR><FONT size=2>filter f_cother { level(debug, info, notice, warn) 
  or facility(daemon,</FONT> <BR><FONT size=2>mail);</FONT> <BR><FONT 
  size=2>};</FONT> </P>
  <P><FONT size=2>filter ppp { facility(local2); };</FONT> </P>
  <P><FONT size=2>log { source(src); filter(f_authpriv); destination(authlog); 
  };</FONT> <BR><FONT size=2>log { source(src); filter(f_syslog); 
  destination(syslog); };</FONT> <BR><FONT size=2>#log { source(src); 
  filter(f_cron); destination(cron); };</FONT> <BR><FONT size=2>log { 
  source(src); filter(f_daemon); destination(daemon); };</FONT> <BR><FONT 
  size=2>log { source(src); filter(f_kern); destination(kern); };</FONT> 
  <BR><FONT size=2>log { source(src); filter(f_lpr); destination(lpr); };</FONT> 
  <BR><FONT size=2>log { source(src); filter(f_mail); destination(mail); 
  };</FONT> <BR><FONT size=2>log { source(src); filter(f_user); 
  destination(user); };</FONT> <BR><FONT size=2>log { source(src); 
  filter(f_uucp); destination(uucp); };</FONT> <BR><FONT size=2>log { 
  source(src); filter(f_mail); filter(f_info); destination(mailinfo); };</FONT> 
  <BR><FONT size=2>log { source(src); filter(f_mail); filter(f_warn); 
  destination(mailwarn); };</FONT> <BR><FONT size=2>log { source(src); 
  filter(f_mail); filter(f_err); destination(mailerr); };</FONT> <BR><FONT 
  size=2>log { source(src); filter(f_news); filter(f_crit); 
  destination(newscrit); };</FONT> <BR><FONT size=2>log { source(src); 
  filter(f_news); filter(f_err); destination(newserr); };</FONT> <BR><FONT 
  size=2>log { source(src); filter(f_news); filter(f_notice);</FONT> <BR><FONT 
  size=2>destination(newsnotice);</FONT> <BR><FONT size=2>};</FONT> <BR><FONT 
  size=2>#log { source(src); filter(f_debug); destination(debug); };</FONT> 
  <BR><FONT size=2>#log { source(src); filter(f_messages); 
  destination(messages); };</FONT> <BR><FONT size=2>log { source(src); 
  filter(f_emergency); destination(console); };</FONT> </P>
  <P><FONT size=2>#log { source(src); filter(f_cnews); destination(console_all); 
  };</FONT> <BR><FONT size=2>#log { source(src); filter(f_cother); 
  destination(console_all); };</FONT> </P><BR>
  <P><FONT size=2>####log { source(src); filter(f_cnews); destination(xconsole); 
  };</FONT> <BR><FONT size=2>###log { source(src); filter(f_cother); 
  destination(xconsole); };</FONT> </P>
  <P><FONT size=2>log { source(src); filter(ppp); destination(ppp); };</FONT> 
  </P>
  <P><FONT size=2>log {</FONT> <BR><FONT 
  size=2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; source(src);</FONT> 
  <BR><FONT size=2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  destination(std);</FONT> <BR><FONT size=2>};</FONT> </P>
  <P><FONT size=2>_______________________________________________</FONT> 
  <BR><FONT size=2>syslog-ng maillist&nbsp; -&nbsp; 
  syslog-ng@lists.balabit.hu</FONT> <BR><FONT size=2><A 
  href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" 
  target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A></FONT> 
  <BR><FONT size=2>Frequently asked questions at <A 
  href="http://www.campin.net/syslog-ng/faq.html" 
  target=_blank>http://www.campin.net/syslog-ng/faq.html</A></FONT> 
</P></BLOCKQUOTE></BODY></HTML>

------_=_NextPart_001_01C3FB08.CB0246A0--