[syslog-ng] Log to syslog file, filter from fifo
Balazs Scheidler
bazsi at balabit.hu
Fri Dec 9 21:26:30 CET 2011
On Fri, 2011-11-25 at 09:02 -0700, Lay, James wrote:
> Topic says it. I think I have a pretty simple layout:
>
>
>
>
>
> log {
>
> source(s_local);
>
> filter(f_firewall);
>
> destination(d_file);
>
> destination(fifo);
>
> };
>
>
>
> Can I change this to:
>
>
>
> log {
>
> source(s_local);
>
> destination(d_file);
>
> filter(f_firewall);
>
> destination(fifo);
>
> };
>
>
>
> ? Will this log to file, then filter, then go to fifo? Thanks and
> hope this isn’t a silly question…I read this from the admin guide:
>
>
>
> Log statements are processed in the order they appear in the
> configuration file, thus the order of log paths may influence what
> happens to a message, especially when using filters and log flags.
>
>
>
> So I’m hoping that is the case. Thank you.
Yes, it is. Starting with syslog-ng 3.0, you can organize your log paths
in a tree, which might be more readable, but achieves the same:
log {
source(s_local);
log { destination(d_file); };
log { filter(f_firewall); destination(fifo); };
};
The log {} statements on the 2nd level are branches of the tree rooted
at the outmost log statement.
You can have any number of embedded statements, and flags(final) is
usable too.
--
Bazsi
More information about the syslog-ng
mailing list