[syslog-ng] syslog-ng +bash history

Fegan, Joe Joe.Fegan at hp.com
Thu Feb 5 14:14:31 CET 2009


You may want to make your filter more specific (e.g. add a facility or severity) because otherwise all messages from all sources that happen to have the string "HISTORY" in them anywhere will get sent to your new log file and nowhere else.

________________________________
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Fegan, Joe
Sent: 05 February 2009 13:06
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng +bash history

Move the history log path to the top of the list and add flags(final) to it.
That flag means "if you follow this path don't follow any others".

________________________________
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Marcin Niskiewicz
Sent: 05 February 2009 12:14
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] syslog-ng +bash history

Hello
Everything that is written by users on console (my system is gentoo) is logged in 3 different files (debug , syslog, messages) ...
I'd like to route all history logs to one file only...
i made a filter and it works fine (it writes history to history.log) but still it writes it to those 3 files (debug , syslog, messages)  as well ...
so now everything I type is written to 4 files (debug , syslog, messages and history.log) ...

is there possibility to configure syslog-ng to log history only to one file (for example history.log) and leave others files clean?

best regards
nichu

My standard configuration (with my modifiication to route history to history.log) looks like this:


# Copyright 2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.5 2007/10/30 17:16:15 solar Exp $

#
# Syslog-ng configuration file, compatible with default hardened installations.
#

options {
        chain_hostnames(off);
        sync(0);
        stats(43200);
};

source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };

destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination mail { file("/var/log/mail/mail.log"); };

destination avc { file("/var/log/avc.log"); };
destination audit { file("/var/log/audit.log"); };
destination pax { file("/var/log/pax.log"); };
destination grsec { file("/var/log/grsec.log"); };
destination historia { file("/var/log/history.log"); };

destination mailinfo { file("/var/log/mail/mail.info<http://mail.info/>"); };
destination mailwarn { file("/var/log/mail/mail.warn"); };
destination mailerr { file("/var/log/mail/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };

destination xconsole { pipe("/dev/xconsole"); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };

filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

filter f_avc { match(".*avc: .*"); };
filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
filter f_pax { match("^PAX:.*"); };
filter f_grsec { match("^grsec:.*"); };
filter f_history { match(".*HISTORY*"); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_history); destination(history); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090205/6b8ee2cc/attachment-0001.htm 


More information about the syslog-ng mailing list