[syslog-ng] Re: logs written twice

Nick Baronian kvetch at gmail.com
Wed Nov 1 23:06:22 CET 2006


Thanks again Len.
So I guess the standard conf (in the examples dir) logs a lot of the
same stuff to multiple files, ie. messages file and syslog file.  Why
do this when the syslog statement catches everything the messages
catches?  It isn't that big of a division of types of events so I
guess that was confusing me.

If I understand this right in the example file snippet-
filter f_syslog { not facility(authpriv, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv,
mail, news); };
The messages will only log "info, notice and warning and everything
but auth, authpriv, mail and news" but the syslog will log "all levels
and everything but authpriv and mail"?
Is that correct, if you don't specify the level, what does it default to?

-Nick

On 11/1/06, Leonard Mills <Leonard_Mills at corpnet.sel.sony.com> wrote:
> Yes, you've got it exactly correct.  Processing of the
> incoming packet will end when a final flag is encountered.
> Things that are desired in multiple places shouldn't be
> allowed encounter the final flag (maybe things like
> auth.crit should appear in more than one place).
>
> Len


More information about the syslog-ng mailing list