[syslog-ng] the filter doesn't work for the remote log

Evan Rempel erempel at uvic.ca
Wed Sep 19 07:08:59 CEST 2007


You have set your filter on the syslog facility, and the crond program uses different facilities
to log different information, such as the auth facility to log session open/close for the user
that the cron started process belongs to.

Try using filters of

filter f_cron { program(crond); };
filter f_messages { not program(crond); };

and see how that works for you.

Evan.

liuruihong wrote:
> I use the syslog-ng to receive remote log,
> 
> The syslog-ng is running under Linux, the remote client is sending log by
> syslog,
> 
> and the syslog-ng configure file is as follows:
> 
>  
> 
> options { use_dns(yes); create_dirs(yes); };
> source src { udp(ip(0.0.0.0) port(514)); };
> filter f_cron { facility(cron); };
> filter f_messages { not facility(cron); };
> destination messages {
> file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/messages-$MONTH"); };
> destination cron {
> file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/cron-$MONTH"); };
> log { source(src); filter(f_cron); destination(cron); };
> log { source(src); filter(f_messages); destination(messages); };
> 
>  
> 
> but the log files "messages-$MONTH" still include the crond information,
> 
> I don't know why?
> 
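The difference between the two filter pairs in this thread, as an added example that is not part of the original posts: it decodes the facility from each message's PRI value and routes constructed sample lines the way the two log paths would. The sample lines, host name and PRI values are constructed, following the reply's description that crond's session open/close messages arrive under the auth facility.

```python
import re

# Facility codes from the syslog PRI value (PRI = facility * 8 + severity).
FACILITIES = {4: "auth", 9: "cron"}
LINE = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) ([^\s:\[]+)(?:\[\d+\])?: ")

# Constructed sample datagrams, shaped like what a remote host sends to udp/514.
SAMPLES = [
    "<78>Sep 19 07:01:01 web1 crond[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "<38>Sep 19 07:01:01 web1 crond[2211]: pam_unix(crond:session): session opened for user root",
    "<38>Sep 19 07:01:02 web1 crond[2211]: pam_unix(crond:session): session closed for user root",
    "<38>Sep 19 07:02:10 web1 sshd[990]: Accepted publickey for admin from 192.0.2.10 port 50522",
]

def parse(line):
    """Return facility, host and program of one BSD-syslog line, or None."""
    m = LINE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    return {"facility": FACILITIES.get(pri >> 3, str(pri >> 3)),
            "host": m.group(2), "program": m.group(3)}

def by_facility(msg):   # mirrors: filter f_cron { facility(cron); };
    return msg["facility"] == "cron"

def by_program(msg):    # mirrors: filter f_cron { program(crond); };
    return re.search("crond", msg["program"]) is not None

def route(lines, is_cron):
    """Apply the two log paths: matches go to 'cron', everything else to 'messages'."""
    out = {"cron": [], "messages": []}
    for msg in filter(None, map(parse, lines)):
        out["cron" if is_cron(msg) else "messages"].append(msg)
    return out

def leaked(routed):
    """crond lines that ended up in the messages file."""
    return [m for m in routed["messages"] if m["program"] == "crond"]

if __name__ == "__main__":
    for name, flt in (("facility(cron)", by_facility), ("program(crond)", by_program)):
        routed = route(SAMPLES, flt)
        print(f"{name}: cron={len(routed['cron'])} messages={len(routed['messages'])} "
              f"crond lines in messages={len(leaked(routed))}")
```
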


