[syslog-ng] Syslog-ng apache filters
Hugo Deprez
hugo.deprez at gmail.com
Wed Apr 11 11:57:02 CEST 2012
Dear community,
I am currently trying to setup a central syslog-ng server.
Almost everything is working, I just have some issue with filtering
apache2 logs.
On the remote host I use the following to send apache2 :
source vhost_access { file("/var/log/apache2/vhost-access.log"); };
This is working the central syslog server get the messages.
I setup a filter on the server to filter apache2 log such as :
filter f_apache { match("hostname.mydomain.fr"); };
this works.
The issue is that my apache2 logs match other filter, so I am logging
messages 3 times :
filter f_messages { level(info,notice,warn) and
not facility(auth,authpriv,cron,daemon,mail,news); };
and :
filter f_user { facility(user) and not filter(f_debug); };
It seems that I have to play with default-priority() and default-facility()
parameters.
I would like to know how do you deal with this kind of situation ?
Regards,
Hugo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120411/f19704a8/attachment.htm
More information about the syslog-ng
mailing list