[syslog-ng] the filter doesn`t work for the remote log
liuruihong
liuruihong at baidu.com
Wed Sep 19 04:56:16 CEST 2007
I use the syslog-ng to receive remote log,
The syslog-ng is running under linux ,the remote client is sending log by
syslog,
and the syslog-ng configure fie is as follows:
options { use_dns(yes); create_dirs(yes); };
source src { udp(ip(0.0.0.0) port(514)); };
filter f_cron { facility(cron); };
filter f_messages { not facility(cron); };
destination messages {
file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/messages-$MONTH"); };
destination cron {
file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/cron-$MONTH"); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_messages); destination(messages); };
but the log files "messages-$MONTH" still include the crond information,
I don't know why?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070919/7d722121/attachment.htm
More information about the syslog-ng
mailing list