[syslog-ng] Program Filters

Nate Campi nate at campin.net
Fri May 27 22:33:42 CEST 2005


On Fri, May 27, 2005 at 04:29:46PM +0600, Metal Gear wrote:
> Still there are no compilation errors now, but I'm not having any logs of ftp 
> and ssh. When I remove filters then I get the bunch of logs. Setting the 
> filters for facility(auth, authpriv) is working but it gives only the users 
> who are successfully connected through ssh or ftp. I'm sending my 
> syslog-ng.conf using filters but I'm not getting the logs of it.
> 
> 
> source src {unix-stream("/dev/log"); pipe("/proc/kmsg"); internal();};
> source stunnel {tcp(ip("127.0.0.1") port(514) keep-alive(yes));};
> 
> filter f_ftp {program(".*ftp*.");};
> filter f_ssh {program(".*ssh*.");};
> 
> log {source(src); filter(f_syslog); filter(f_ftp); filter(f_ssh); 
> destination(dest2);};
> log {source(stunnel); filter(f_syslog); filter(f_ftp); filter(f_ssh); 
> destination(dest2);};

I already pointed out your error in this same thread. You can't have
those filters all set up, you'll only see messages if ALL OF THEM MATCH.

Read back through for an example I gave on how to make it filter the way
you want it to.
-- 
Nate

"A lie can travel half way around the world while the truth is putting 
on its shoes." - Samuel Clemens
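
The AND behaviour described in the reply above, shown against the quoted configuration. This is an added example, not part of the original message and not the earlier example the reply refers to. The name `f_ftp_or_ssh` is hypothetical, and `f_syslog` is left out because its definition does not appear in the post.

```conf
# Added example (not from the original thread).

# The poster's two program filters, unchanged:
filter f_ftp { program(".*ftp*."); };
filter f_ssh { program(".*ssh*."); };

# Before (quoted config): every filter() listed in one log statement must
# match, so a message passes only if its program name matches BOTH patterns.
# log { source(src); filter(f_syslog); filter(f_ftp); filter(f_ssh);
#       destination(dest2); };

# After: a single filter that ORs the two (hypothetical name), referenced
# once in each log path. Any further filter() added to these log statements
# is still ANDed with it.
filter f_ftp_or_ssh { filter(f_ftp) or filter(f_ssh); };

log { source(src);     filter(f_ftp_or_ssh); destination(dest2); };
log { source(stunnel); filter(f_ftp_or_ssh); destination(dest2); };
```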


