[syslog-ng] [Bug 218] To include local*.* facility.level in the source of syslog-ng

[bugzilla at bugzilla.balabit.com]

https://bugzilla.balabit.com/show_bug.cgi?id=218





--- Comment #1 from Balazs Scheidler <bazsi at balabit.hu>  2013-02-02 21:44:17 ---
I think you misunderstand how syslogd works. That line in syslogd means that 
messages tagged facility "local6", severity "info" or above, should be written
into /var/log/syslog.

It is essentially a filter.

You can do the same with syslog-ng, but you can also ask syslog-ng to send everything into a file regardless of filters.

Here's a sample:

# source omitted for brevity
source s_local { ... };
filter f_oracle { facility(local6); }
destination d_oracle { file("/var/log/oracle.log"); };

log { source(s_local); filter(f_oracle); destination(d_oracle); };

But if you want to put everything to the same file, you can completely omit the filter part:

source s_local { ... };
destination d_syslog { file("/var/log/syslog"); };

log { source(s_local); destination(d_syslog); };

Basically, the "log" statement tells syslog-ng what actions to perform on messages coming from a (set of) sources. They
establish connections between input and output channels of syslog-ng, potentially with additional processing.

BTW: your source declaration is redundant, system() is a source that expands to the system specific local log transport
of the underlying OS, on Solaris it expands to the stuff you wrote there.

BTW/2: syslog-ng has a nice documentation, you might want to start with section 2.2, which outlines the basic processing model of syslog-ng.

Hope this helps.



source s_local { system(); sun-streams("/dev/log" door("/etc/.syslog_door")); };


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.