[syslog-ng] 答复: the filter doesn`t work for the remote log

liuruihong liuruihong at baidu.com
Wed Sep 19 08:14:51 CEST 2007 

It works.

Thank you very much::)

-----邮件原件-----
发件人: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] 代表 Evan Rempel
发送时间: 2007年9月19日 13:09
收件人: Syslog-ng users' and developers' mailing list
主题: Re: [syslog-ng] the filter doesn`t work for the remote log

You have set your filter on the syslog facility, and the crond program uses
different facilities
to log different information, such as the auth facility to log session
open/close for the user
that the cron started process belongs to.

try using filters of

filter f_cron { program(crond); };
filter f_messages { not program(crond); };

and see how that works for you.

Evan.

liuruihong wrote:
> I use the syslog-ng to receive remote log,
> 
> The syslog-ng is running under linux ,the remote client is sending log by
> syslog,
> 
> and the syslog-ng configure fie is as follows: 
> 
>  
> 
> options { use_dns(yes); create_dirs(yes); };
> source src { udp(ip(0.0.0.0) port(514)); };
> filter f_cron { facility(cron); };
> filter f_messages { not facility(cron); };
> destination messages {
> file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/messages-$MONTH"); };
> destination cron {
> file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/cron-$MONTH"); };
> log { source(src); filter(f_cron); destination(cron); };
> log { source(src); filter(f_messages); destination(messages); };
> 
>  
> 
> but the log files "messages-$MONTH" still include the crond information,
> 
> I don't know why?
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list