[syslog-ng] log smtp mail messages to a specific file

Tue Jun 1 21:10:24 CEST 2010

Postfix messages were logged in /var/log/messages.
Here is how syslog-ng.conf was (before my changes):
----------------------------------------------------
# cat /etc/syslog-ng/syslog-ng.conf.orig
@version: 3.0
# $Header:
/var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v
1.1 2010/04/06 02:11:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

options {
    chain_hostnames(no);

    # The default action of syslog-ng is to log a STATS line
    # to the file every 10 minutes.  That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats_freq(43200);
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };

-------------------------------------------------

I wanted to log postfix messages to a new file: /var/log/mail.log
I changed /etc/syslog-ng/syslog-ng.conf like so:

# diff syslog-ng.conf.orig syslog-ng.conf
15a16,23
> filter mail {
>     facility(mail);
> };
>
> filter notmail {
>     not facility(mail);
> };
>
22a31
> destination mail { file("/var/log/mail.log"); };
31,32c40,42
< log { source(src); destination(messages); };
< log { source(src); destination(console_all); };
---
> log { source(src); filter(mail); destination(mail); };
> log { source(src); filter(notmail); destination(messages); };
> log { source(src); filter(notmail); destination(console_all); };
----------------------------------------------------------------------

It worked, or at least I think so, by looking at both /var/log/messages
and /var/log/mail.log.

So ,my questions are:
1) Are my edits OK? Did I do anything wrong?
2) Should I have configured it otherwise, perhaps more efficiently?

Thanks.
Thanasis