[syslog-ng] syslog-ng +bash history

Marcin Niskiewicz mniskiewicz at gmail.com
Thu Feb 5 14:45:36 CET 2009


Yeah, it helped.
Thank you!!

best regards

nichu

2009/2/5 Fegan, Joe <Joe.Fegan at hp.com>

>  Move the history log path to the top of the list and add flags(final) to
> it.
> That flag means "if you follow this path don't follow any others".
>
>  ------------------------------
> *From:* syslog-ng-bounces at lists.balabit.hu [mailto:
> syslog-ng-bounces at lists.balabit.hu] *On Behalf Of *Marcin Niskiewicz
> *Sent:* 05 February 2009 12:14
> *To:* syslog-ng at lists.balabit.hu
> *Subject:* [syslog-ng] syslog-ng +bash history
>
> Hello
> Everything that is written by users on the console (my system is Gentoo) is
> logged in 3 different files (debug, syslog, messages) ...
> I'd like to route all history logs to one file only...
> I made a filter and it works fine (it writes history to history.log) but
> it still writes it to those 3 files (debug, syslog, messages) as well ...
> so now everything I type is written to 4 files (debug, syslog, messages
> and history.log) ...
>
> Is there a possibility to configure syslog-ng to log history only to one file
> (for example history.log) and leave the other files clean?
>
> best regards
> nichu
>
> My standard configuration (with my modification to route history to
> history.log) looks like this:
>
>
> # Copyright 2005 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
> # $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.5 2007/10/30 17:16:15 solar Exp $
>
> #
> # Syslog-ng configuration file, compatible with default hardened installations.
> #
>
> options {
>         chain_hostnames(off);
>         sync(0);
>         stats(43200);
> };
>
> source src { unix-stream("/dev/log"); internal(); };
> source kernsrc { file("/proc/kmsg"); };
>
> destination authlog { file("/var/log/auth.log"); };
> destination syslog { file("/var/log/syslog"); };
> destination cron { file("/var/log/cron.log"); };
> destination daemon { file("/var/log/daemon.log"); };
> destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
> destination lpr { file("/var/log/lpr.log"); };
> destination user { file("/var/log/user.log"); };
> destination uucp { file("/var/log/uucp.log"); };
> destination mail { file("/var/log/mail/mail.log"); };
>
> destination avc { file("/var/log/avc.log"); };
> destination audit { file("/var/log/audit.log"); };
> destination pax { file("/var/log/pax.log"); };
> destination grsec { file("/var/log/grsec.log"); };
> destination historia { file("/var/log/history.log"); };
>
> destination mailinfo { file("/var/log/mail/mail.info"); };
> destination mailwarn { file("/var/log/mail/mail.warn"); };
> destination mailerr { file("/var/log/mail/mail.err"); };
>
> destination newscrit { file("/var/log/news/news.crit"); };
> destination newserr { file("/var/log/news/news.err"); };
> destination newsnotice { file("/var/log/news/news.notice"); };
>
> destination debug { file("/var/log/debug"); };
> destination messages { file("/var/log/messages"); };
> destination console { usertty("root"); };
> destination console_all { file("/dev/tty12"); };
>
> destination xconsole { pipe("/dev/xconsole"); };
>
> filter f_auth { facility(auth); };
> filter f_authpriv { facility(auth, authpriv); };
> filter f_syslog { not facility(authpriv, mail); };
> filter f_cron { facility(cron); };
> filter f_daemon { facility(daemon); };
> filter f_kern { facility(kern); };
> filter f_lpr { facility(lpr); };
> filter f_mail { facility(mail); };
> filter f_user { facility(user); };
> filter f_uucp { facility(uucp); };
> filter f_debug { not facility(auth, authpriv, news, mail); };
> filter f_messages { level(info..warn)
>         and not facility(auth, authpriv, mail, news); };
> filter f_emergency { level(emerg); };
>
> filter f_info { level(info); };
>
> filter f_notice { level(notice); };
> filter f_warn { level(warn); };
> filter f_crit { level(crit); };
> filter f_err { level(err); };
>
> filter f_avc { match(".*avc: .*"); };
> filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
> filter f_pax { match("^PAX:.*"); };
> filter f_grsec { match("^grsec:.*"); };
> filter f_history { match(".*HISTORY*"); };
>
> log { source(src); filter(f_authpriv); destination(authlog); };
> log { source(src); filter(f_syslog); destination(syslog); };
> log { source(src); filter(f_cron); destination(cron); };
> log { source(src); filter(f_daemon); destination(daemon); };
> log { source(kernsrc); filter(f_kern); destination(kern); };
> log { source(src); filter(f_lpr); destination(lpr); };
> log { source(src); filter(f_mail); destination(mail); };
> log { source(src); filter(f_user); destination(user); };
> log { source(src); filter(f_history); destination(historia); };
> log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
> log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
> log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
> log { source(src); filter(f_debug); destination(debug); };
> log { source(src); filter(f_messages); destination(messages); };
> log { source(src); filter(f_emergency); destination(console); };
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
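
The fix described in the reply, written out as a syslog-ng fragment (an added example, not part of the original thread). It reuses the `src` source, the `f_history` filter and the `historia` destination from the posted configuration and assumes the rest of that file is unchanged.

```conf
# Added example: only the log statements change. Sources, filters and
# destinations are the ones defined in the posted configuration.

# Before: the history path sat in the middle of the list with no flags(),
# so a matching message was also delivered by the f_syslog, f_debug and
# f_messages paths further down.
#
#   log { source(src); filter(f_history); destination(historia); };

# After: the history path is the FIRST log statement and is marked final.
# A message that matches f_history is written to /var/log/history.log and
# is not handed to any log statement below this one.
log { source(src); filter(f_history); destination(historia); flags(final); };

# flags(final) only affects statements that come after it. Left in its old
# position it would still stop debug and messages, but the syslog path
# above it would keep receiving the history lines.
#
# final applies to every message that passes f_history, whatever its
# facility or level. Keep that filter specific to the history lines, or
# unrelated messages that happen to match will go only to history.log.

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
# ... remaining log statements from the posted configuration, unchanged ...
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
```

Run `syslog-ng --syntax-only` against the edited file before reloading the daemon, so a typo in the new statement does not interrupt logging.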