Re: [syslog-ng]Re: [syslog-ng]what´s wrong?

Denis Kot syslog-ng@lists.balabit.hu
Fri, 18 Feb 2005 23:05:59 +0200 

so I must create a filter something like
filter f_filer  { not filter(f_smbd); }; and this filter put to log?


On Fri, 18 Feb 2005 11:11:49 -0500, Mike Pepe <lamune@doki-doki.net> wrote:
> Denis,
> 
> I'm no expert at this yet, but I think the problem is that the regular
> syslog rule matches and it's writing the result to more than one place.
> This is entirely possible.
> 
> As an example, here's what I did to stop that in my rule that logs
> iptables hits to a different file on linux:
> 
> destination d_iptables   { file("/var/log/iptables"); };
> destination d_mesg { file("/var/log/messages"); };
> 
> filter f_iptables  { match("Inbound"); };
> filter f_filter2   { level(info..emerg) and
>                       not facility(mail,authpriv,cron) and
>                       not match("Inbound"); };
> 
> log { source(s_sys); filter(f_iptables); destination(d_iptables); };
> log { source(s_sys); filter(f_filter2); destination(d_mesg); };
> 
> Note the not match that excludes the Inbound events from going to syslog.
> 
> There may be a better way to do this, but it works for me so far.
> 
> -Mike
> 
> Denis Kot wrote:
> > Hello to All
> >
> > I want to messages from smbd and nmbd to redirect to another logfile
> > I have:
> >
> > source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); }=
;
> >
> > destination messages { file("/var/log/messages"); };
> > destination d_smbd { file("/var/log/smbd"); };
> >
> > filter f_smbd { program(smbd.*) or match(smbd); };
> > filter f_nmbd { program(nmbd.*) or match(nmbd); };
> >
> > log { source(src); filter(f_smbd); destination(d_smbd); };
> > log { source(src); filter(f_nmbd); destination(d_smbd); };
> > log { source(src); destination(messages); };
> >
> > but messages like:
> > Feb 18 15:02:57 gate smbd[1089]: [2005/02/18 15:02:57, 0]
> > lib/util_sock.c:get_peer_addr(1000)
> > Feb 18 15:02:57 gate smbd[1089]:   getpeername failed. Error was
> > Transport endpoint is not connected
> > or
> > Feb 18 15:04:14 gate nmbd[15845]: [2005/02/18 15:04:14, 0]
> > nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(693)
> > Feb 18 15:04:14 gate nmbd[15845]:   process_get_backup_list_request:
> > domain list requested for workgroup MASSNET and I am not a local
> > master browser.
> >
> > still going to /var/log/messages...
> > what´s wrong?
> >
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
> 


-- 
Denis Kot
denis?jabber.org.by
ICQ: 13680126
Mobil: +375 29 6-1234-78