[syslog-ng] filtering logs from a file?

Steven Matkoski matkoski at nysernet.org
Mon Mar 6 17:30:20 CET 2006


Hi,

I am using syslog-ng 1.6.5-2.2 on a Debian box in a chroot environment.
I have a default configuration except for gathering log messages from a
few routers, a pix, and vpn concentrator. I have the logs going into the files
I want, but the logs are also going into files I don't want. I currently have all
the routers logging into a routers/ directory and the pix and vpn logging into
a security/ directory, but the pix and vpn are also logging into the router
directory which I would like to stop. I have tried a bunch of different filters
but nothing seems to work. Any help appreciated.

My configuration:

# router syslog
source s_syslogd { udp(ip(0.0.0.0) port(514)); };

# router syslog
destination d_router { file("/var/log/routers/$HOST"); };
destination d_security { file("/var/log/security/$HOST"); };

# router syslog
filter f_router {
         not host(/<vpn ip>/)
         or not host(/<pix ip>/);
};

filter f_security { host(<vpn ip>) or host(<pix ip>); };

# router.*
#log { source(s_syslogd); filter(f_router); destination(d_router); };
log { source(s_syslogd); destination(d_router); };

# firewall, vpn concentrator
log { source(s_syslogd); filter(f_security); destination(d_security); };

thanks.
-s.
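
The routing described in the post, as an added example that is not part of the original message or the syslog-ng project's documentation: the active d_router log path has no filter, and the posted f_router joins two negations with "or", so it accepts every host. The corrected f_router below is one assumed fix; `<vpn ip>` and `<pix ip>` are the post's own placeholders and must be replaced with real values.

```conf
# Added example, not the poster's configuration.
# Source and destinations are unchanged from the post.
source s_syslogd { udp(ip(0.0.0.0) port(514)); };

destination d_router   { file("/var/log/routers/$HOST"); };
destination d_security { file("/var/log/security/$HOST"); };

# Matches the two security devices (placeholders taken from the post).
filter f_security { host("<vpn ip>") or host("<pix ip>"); };

# As posted, f_router was "not host(vpn) or not host(pix)".
# A message comes from one host, so at least one of the two negations
# is always true and the filter passes everything, including the
# VPN concentrator and the PIX.
#
# "Neither the VPN nor the PIX" is not (A or B), which by De Morgan
# is (not A) and (not B):
filter f_router {
        not host("<vpn ip>")
        and not host("<pix ip>");
};

# The filter only takes effect if the log path references it.
# The active statement in the post was
#   log { source(s_syslogd); destination(d_router); };
# which sends every message from s_syslogd to routers/.
log { source(s_syslogd); filter(f_router); destination(d_router); };

# firewall, vpn concentrator
log { source(s_syslogd); filter(f_security); destination(d_security); };
```

host() is a regular-expression match against the host field of the message, so an unescaped "." in an address matches any character, and the value compared is whatever ends up in $HOST rather than necessarily the sender's IP address.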


