[syslog-ng] Entries being logged to /var/log/messages as well as /var/log/HOSTS//$MONTH/$DAY/$HOS

Fred Turner syslog-ng@lists.balabit.hu
Sat, 29 Jan 2005 14:09:50 -0500


Works great! Thanks...


>>> Bill Nash <billn@billn.net> 1/29/2005 2:01:52 PM >>>
On Sat, 29 Jan 2005, Fred Turner wrote:

> Here is my source.. How would I go about doing that? Sorry I'm still pretty new with syslog-ng (3 hrs)...
>

No worries =)

>
> source src {
>        unix-stream("/dev/log");
>        internal();
>        udp();
>        tcp(port(5140) keep-alive(yes));
> };
>

Grab the udp and tcp entries, and create a new source.

source src { unix-stream("/dev/log");
             internal();
           };
source remote_hosts { tcp(port(5140) keep-alive(yes)); udp(); };
log { source(remote_hosts); destination(std); };

Changing just the 'src' source, and adding the other two entries, will
keep your existing config working as I described, local logging from your
loghost processes to /var/log/messages where you'd expect them, and all
your remote hosts logging to your 'dst' directory structure.

Make sense? =)

- billn

>>>> Bill Nash <billn@billn.net> 1/29/2005 1:46:15 PM >>>
>
> Syslog will log to multiple destinations if you set them. As below, you
> have multiple facilities still logging to messages.
>
> Does your 'src' source include your network ports, for receiving data from
> remote hosts? If it does, separate it to a new source and pair it with
> your 'std' destination, exclusively. This will keep your local logs
> separate from your remote logs.
>
> - billn
>
> On Sat, 29 Jan 2005, Fred Turner wrote:
>
>> Sure, it's as follows.
>>
>> destination debug { file("/var/log/debug"); };
>> destination messages { file("/var/log/messages"); };
>>
>> log { source(src); filter(f_daemon); destination(messages); };
>> log { source(src); filter(f_kern); destination(messages); };
>> log { source(src); filter(f_lpr); destination(lpr); };
>> log { source(src); filter(f_mail); destination(mail); };
>> log { source(src); filter(f_user); destination(messages); };
>> log { source(src); filter(f_uucp); destination(uucp); };
>> log { source(src); filter(f_mail); destination(maillog); };
>> log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
>> log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
>> log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
>> log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
>> log { source(src); filter(f_news); filter(f_err); destination(newserr); };
>> log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
>> log { source(src); filter(f_messages); destination(messages); };
>> log { source(src); filter(f_emergency); destination(console); };
>>
>>
>>>>> Bill Nash <billn@billn.net> 1/29/2005 1:15:26 PM >>>
>>
>> Can you include your log directive? Chances are, that's the culprit.
>>
>> - billn
>>
>>
>> On Sat, 29 Jan 2005, Fred Turner wrote:
>>
>>> Hi, I'm new to syslog-ng and have configured it to be a loghost for many different firewall appliances. So I set up an automatic sorting entry as per the FAQ as follows:
>>>
>>> destination std {
>>>        file("/var/log/HOSTS/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY"
>>>                owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
>>>        );
>>> };
>>>
>>> Which works perfect. The only problem is that it's also putting them in the /var/log/messages log.
>>>
>>> How can I stop the behavior, as it's creating a huge /var/log/messages log?
>>>
>>>
>>> Thanks
>>>

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html


==================================================================

NOTE: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of BBi Enterprises Inc.
Finally, the recipient should check this email and any attachments for the presence of viruses. BBi Enterprises Inc. accepts no liability for any damage caused by any virus transmitted by this email.
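
Added example (not part of the original thread, and not syslog-ng's own tooling): a small Python check that reads a syslog-ng configuration and reports every source with udp()/tcp() drivers that a log statement routes into /var/log/messages, which is the misrouting discussed in this thread. The two sample configs are constructed from the thread, the function names are hypothetical, and the regex parsing assumes no nested braces inside source or log blocks.

```python
import re

NETWORK_DRIVERS = {"udp", "tcp"}  # source drivers that accept remote traffic
# Constructed configs modelled on the thread (not the poster's full file).
DESTS = '''
destination messages { file("/var/log/messages"); };
destination std { file("/var/log/HOSTS/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY"
                       create_dirs(yes)); };
'''
BEFORE = DESTS + '''
source src { unix-stream("/dev/log"); internal(); udp();
             tcp(port(5140) keep-alive(yes)); };
log { source(src); filter(f_kern); destination(messages); };
log { source(src); destination(std); };
'''
AFTER = DESTS + '''
source src { unix-stream("/dev/log"); internal(); };
source remote_hosts { tcp(port(5140) keep-alive(yes)); udp(); };
log { source(src); filter(f_kern); destination(messages); };
log { source(remote_hosts); destination(std); };
'''

def network_sources(conf):
    """Map each source name to the network drivers it declares."""
    found = {}
    for name, body in re.findall(r"\bsource\s+(\w+)\s*\{(.*?)\}\s*;", conf, re.S):
        drivers = re.findall(r"(?:^|;)\s*([\w-]+)\s*\(", body)
        remote = sorted(NETWORK_DRIVERS.intersection(drivers))
        if remote:
            found[name] = remote
    return found

def remote_leaks(conf, local_path="/var/log/messages"):
    """Return (source, destination) pairs where a network-fed source
    is routed by a log statement into the file at local_path."""
    files = dict(re.findall(
        r'\bdestination\s+(\w+)\s*\{\s*file\s*\(\s*"([^"]+)"', conf))
    remote = network_sources(conf)
    leaks = set()
    for body in re.findall(r"\blog\s*\{(.*?)\}", conf, re.S):
        srcs = re.findall(r"\bsource\s*\(\s*(\w+)\s*\)", body)
        dsts = re.findall(r"\bdestination\s*\(\s*(\w+)\s*\)", body)
        leaks.update((s, d) for s in srcs for d in dsts
                     if s in remote and files.get(d) == local_path)
    return sorted(leaks)

if __name__ == "__main__":
    print("before:", remote_leaks(BEFORE))
    print("after: ", remote_leaks(AFTER))
```

An empty result for the split configuration means unauthenticated network input can no longer grow or pollute the loghost's own /var/log/messages.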