[syslog-ng] [Fwd: Re: [Fwd: Re: iptables logging in a separate logfile works not properly]]

Ralf Heidenreich ralf at lx-work.de
Thu Aug 27 13:07:14 CEST 2009


Hello,

can anybody help me?

regards
Ralf

Ralf Heidenreich wrote:
> Hello,
> 
> if I use the final flag, postfix logs to /var/log/messages, not to
> /var/log/maillog.
> What am I doing wrong?
> 
> regards ralf
> Here is my config:
> options {
>           sync (0);
>           time_reopen (10);
>           log_fifo_size (1000);
>           long_hostnames (off);
>           use_dns (no);
>           use_fqdn (no);
>           create_dirs (no);
>           keep_hostname (yes);
> };
> 
> source s_sys {
>           file ("/proc/kmsg" log_prefix("kernel: "));
>           unix-stream ("/dev/log");
>           internal();
>           # udp(ip(0.0.0.0) port(514));
> };
> destination iptables { file("/var/log/firewall.log"); };
> filter iptables { match("INPUT:"); };
> log { source(s_sys); filter(iptables);
> destination(iptables);flags(final); };
> #log { source(s_sys); filter(iptables); destination(iptables); };
> filter noiptables { not match("INPUT:"); };
> log { source(s_sys); filter(noiptables); destination(d_kern); };
> 
> destination d_cons { file("/dev/console"); };
> destination d_mesg { file("/var/log/messages"); };
> destination d_auth { file("/var/log/secure"); };
> destination d_mail { file("/var/log/maillog" sync(10)); };
> destination d_spol { file("/var/log/spooler"); };
> destination d_boot { file("/var/log/boot.log"); };
> destination d_cron { file("/var/log/cron"); };
> destination d_kern { file("/var/log/messages"); };
> destination d_mlal { usertty("*"); };
> # direct iptables logs into /var/log/firewall.log
> 
> 
> 
> filter f_kernel     { facility(kern); };
> filter f_default    { level(info..emerg) and
>                           not (facility(mail)
>                           or facility(authpriv)
>                           or facility(cron)); };
> filter f_auth       { facility(authpriv); };
> filter f_mail       { facility(mail); };
> filter f_emergency  { level(emerg); };
> filter f_news       { facility(uucp) or
>                           (facility(news)
>                           and level(crit..emerg)); };
> filter f_boot   { facility(local7); };
> filter f_cron   { facility(cron); };
> 
> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
> log { source(s_sys); filter(f_kernel); destination(d_kern); };
> log { source(s_sys); filter(f_default); destination(d_mesg); };
> log { source(s_sys); filter(f_auth); destination(d_auth); };
> log { source(s_sys); filter(f_mail); destination(d_mail); };
> log { source(s_sys); filter(f_emergency); destination(d_mlal); };
> log { source(s_sys); filter(f_news); destination(d_spol); };
> log { source(s_sys); filter(f_boot); destination(d_boot); };
> log { source(s_sys); filter(f_cron); destination(d_cron); };
> 
> Ralf Heidenreich wrote:
>> Hello,
>>
>> can you give me an example, how to use the final flag?
>> thanks in advance.
>>
>> regards
>> Ralf
>>
>> Szalay Attila wrote:
>>> Hi,
>>>
>>> On Fri, 2009-05-29 at 14:15 +0200, Ralf Heidenreich wrote:
>>>> Hello,
>>>>
>>>> I have the following line in iptables:
>>>> iptables -A INPUT -j LOG --log-prefix "INPUT: "
>>>> In syslog-ng (/etc/syslog-ng/syslog-ng.conf) I have the following config:
>>> [...]
>>>> filter iptables { match("INPUT:"); };
>>>> log { source(s_sys); filter(iptables); destination(iptables); };
>>> [...]
>>>> filter f_default    { level(info..emerg) and
>>>>                          not (facility(mail)
>>>>                          or facility(authpriv)
>>>>                          or facility(cron)); };
>>> [...]
>>>> log { source(s_sys); filter(f_default); destination(d_mesg); };
>>> syslog-ng does not stop the evaluation when a destination is found. Because
>>> of this, and because the second log statement also matches the line,
>>> syslog-ng stores it in messages too.
>>>
>>> If you want to order syslog-ng to stop, you can use the final
>>> directive.
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
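To make Szalay Attila's point concrete (every log statement is evaluated in configuration order, and only flags(final) stops that), here is an added example that is neither from this thread nor from syslog-ng itself: a small Python model of the routing order over three of the thread's log paths, with constructed messages. It shows the iptables line reaching both firewall.log and messages without final, only firewall.log with it, and a postfix line delivered to maillog in both cases because f_default excludes the mail facility.

```python
"""Toy model of syslog-ng log-path evaluation (added example, not syslog-ng code).
Log statements are checked in config order; a matching path without final does
not stop evaluation, a matching path with flags(final) does."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable

LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

@dataclass
class Message:
    facility: str
    level: str
    text: str

@dataclass
class LogPath:
    name: str
    matches: Callable[[Message], bool]
    destination: str
    final: bool = False

def level_at_least(level: str) -> Callable[[Message], bool]:
    """Equivalent of level(<level>..emerg)."""
    idx = LEVELS.index(level)
    return lambda m: LEVELS.index(m.level) >= idx

def route(msg: Message, paths: list[LogPath]) -> list[str]:
    """Destinations the message is written to, in config order."""
    hit = []
    for p in paths:
        if p.matches(msg):
            hit.append(p.destination)
            if p.final:          # flags(final): stop evaluating further log paths
                break
    return hit

def config(use_final: bool) -> list[LogPath]:
    """Three log statements from the thread, in the order they appear."""
    return [
        LogPath("iptables", lambda m: "INPUT:" in m.text, "/var/log/firewall.log", use_final),
        LogPath("f_default", lambda m: level_at_least("info")(m)
                and m.facility not in ("mail", "authpriv", "cron"), "/var/log/messages"),
        LogPath("f_mail", lambda m: m.facility == "mail", "/var/log/maillog"),
    ]

# Constructed sample messages: a kernel LOG line with the "INPUT: " prefix and a postfix line.
FW_MSG = Message("kern", "warning", "INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22")
MAIL_MSG = Message("mail", "info", "postfix/smtpd[1234]: connect from unknown[192.0.2.20]")

if __name__ == "__main__":
    for use_final in (False, True):
        for m in (FW_MSG, MAIL_MSG):
            print(f"final={use_final}: {m.text[:18]!r} -> {route(m, config(use_final))}")
```

Because evaluation is ordered, the path carrying flags(final) has to appear before the catch-all paths it is meant to pre-empt, as it does in the posted config.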