[syslog-ng] iptables logging in a separate logfile works not properly
Ralf Heidenreich
ralf at lx-work.de
Fri May 29 18:01:36 CEST 2009
Hello,
can you give me an example, how to use the final flag?
thanks in advance.
regards
Ralf
Szalay Attila schrieb:
> Hi,
>
> On Fri, 2009-05-29 at 14:15 +0200, Ralf Heidenreich wrote:
>> Hello,
>>
>> I have the following line in iptables:
>> iptables -A INPUT -j LOG --log-prefix "INPUT: "
>> In syslog-ng (/etc/syslog-ng/syslog-ng.conf) I have the following config:
> [...]
>> filter iptables { match("INPUT:"); };
>> log { source(s_sys); filter(iptables); destination(iptables); };
> [...]
>> filter f_default { level(info..emerg) and
>> not (facility(mail)
>> or facility(authpriv)
>> or facility(cron)); };
> [...]
>> log { source(s_sys); filter(f_default); destination(d_mesg); };
>
> syslog-ng do not stop the evaluation when a destination is found. And
> because of this and because the second log statement is matching to the
> line the syslog-ng store it to the message too.
>
> If you want to order the syslog-ng to stop you can use the final
> directive.
>
>
>
> ------------------------------------------------------------------------
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
More information about the syslog-ng
mailing list