[syslog-ng] program filters

Metal Gear finattack at gmail.com
Thu Jun 16 08:17:29 CEST 2005 

Hi,
I m trying to log only specific type of program alerts in a mysql db at 
remote syslog-ng server. Till now i m able to get exactly the messages that 
i wanted but i m also getting some annoying messages in mysql db. I did 
researched the problem but was unable to find any satified answer. These 
messages are 
 
 *host* *facility* *priority* *level* *tag* *date* *time* *program* *msg* *
seq*  abc kern warning warning 04 2005-06-16 08:58:35 On node 0 total On 
node 0 totalpages: 65088 3572  abc kern warning warning 04 2005-06-16 
08:58:35 Processors Processors: 1 3573  abc kern warning warning 04 
2005-06-16 08:58:35 ESR value after ESR value after enabling vector: 
00000000 3574  abc kern info info 06 2005-06-16 08:59:29 parport0 parport0: 
PC-style at 0x378 (0x778) [PCSPP,TRISTATE] 3575  abc kern info info 06 
2005-06-16 08:59:29 parport0 parport0: irq 7 detected 3576 
I m also attaching my syslog-ng.conf file any help would be greatly 
appreciated.

options { long_hostnames(off);
sync(0);
keep_hostname(yes);
chain_hostnames(no);
use_time_recvd(yes);
};

source src {unix-stream("/dev/log");
pipe("/proc/kmsg");
internal();};

source stunnel {tcp(ip("127.0.0.1 <http://127.0.0.1/>") port(514) 
keep-alive(yes));};
source netscreen {udp(ip("192.168.1.6 <http://192.168.1.6/>") port(514) );};

destination remoteclient {file("/var/log/HOSTS/$HOST/
$DAY.$MONTH.$YEAR.loggedmessages"
create_dirs(yes));};
destination dest 
{file("/var/log/HOSTS/$HOST/$DAY.$MONTH.$YEAR.loggedmessages" 
create_dirs(yes));};
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL',
'$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") 
template-escape(yes));
};

filter f_syslog {not match("STATS: dropped");};
filter f_auth { facility(auth) or program(".*ftp*.") or program(".*ssh*.") 
or program(".*pam*."); };

log {source(src); filter(f_syslog); filter(f_auth); destination(d_mysql);};
log {source(stunnel); filter(f_syslog); filter(f_auth); 
destination(d_mysql);};
log {source(netscreen); destination(d_mysql);};

log {source(src); filter(f_syslog); destination(dest);};
log {source(stunnel); filter(f_syslog); destination(remoteclient);};
log {source(netscreen); destination(remoteclient);};
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20050616/dd3d8bb3/attachment.html

More information about the syslog-ng mailing list