[syslog-ng] Re : flags(final)
Michael J. Bauer
mjbauer at eecs.tufts.edu
Fri Sep 25 16:46:54 CEST 2009
That flags(final) is in fact part of the log{} line. The destination()
is also part of the log{} line, and appears on a line of its own because
of line wrap. The log{} line is, in one line (and hoping to avoid wrap):
log { source(s_sys); filter(f_network_address_translation); destination(d_network_address_translation); flags(final); };
The terminating }; is after flags(final);. Neither of the real
destination{} lines contains flags(final).
MJB
srainville at videotron.ca wrote:
> The flags(final) goes at the end of the log statement, not the
> destination.
>
> Cheers,
>
> Steve
> ----- Original Message -----
> From: "Michael J. Bauer" <mjbauer at eecs.tufts.edu>
> Date: Thursday, 24 September 2009, 23:00
> Subject: [syslog-ng] flags(final)
> To: syslog-ng at lists.balabit.hu
>
> > I think I am misunderstanding what flags(final) is supposed to do. I'm
> > running syslog-ng 2.1.4 on RHEL 5.4 (Tikanga).
> >
> > I have a fairly simple syslog-ng configuration, which I've attached
> > below. I'm trying to pick off individual groups of log entries and put
> > them in their own individual files. I want to ensure that each gets
> > logged exactly once, so I'm using flags(final). I also have a catch-all
> > at the end in case I've missed something, but the ultimate goal is to
> > have that file present, but empty.
> >
> > However, with this configuration, the log entries that appear in
> > d_network_address_translation (/var/log/network-address-translation)
> > also appear in d_default (/var/log/default) despite the presence of
> > flags(final) on an earlier log() line. Should it work this way? If so,
> > what can I do to get the desired behavior?
> >
> > Thanks,
> > MJB
> >
> > options {
> >     sync (0);
> >     time_reopen (10);
> >     log_fifo_size (1000);
> >     long_hostnames (off);
> >     use_fqdn (no);
> >     create_dirs (no);
> >     keep_hostname (yes);
> > };
> >
> > source s_sys {
> >     file ("/proc/kmsg" log_prefix("kernel: "));
> >     unix-stream ("/dev/log");
> >     internal();
> >     udp(ip(0.0.0.0) port(514));
> > };
> >
> > destination d_network_address_translation { file("/var/log/network-address-translation"); };
> > destination d_default { file("/var/log/default"); };
> >
> > filter f_network_address_translation {
> >     host("router-service-interface") and
> >     priority(info) and
> >     facility(local2) and
> >     match("FWNAT");
> > };
> >
> > log {
> >     source(s_sys);
> >     filter(f_network_address_translation);
> >     destination(d_network_address_translation);
> >     flags(final);
> > };
> > log {
> >     source(s_sys);
> >     destination(d_default);
> > };
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >