[syslog-ng] syslog-ng ruleset confusion or bug?

David Stainton dstainton415 at gmail.com
Tue Feb 26 19:23:44 CET 2013 

ah yeah simple mistake ;-) thanks


On Mon, Feb 25, 2013 at 8:28 PM, Evan Rempel <erempel at uvic.ca> wrote:

>  You are missing the -p in front of the "info.local3" AND it should be local3.info when you use the logger command.
>
> --
> Evan Rempel
> Senior Systems Administrator, Data Centre Services
> University of Victoria250.721.7691
>
> David Stainton <dstainton415 at gmail.com> wrote:
>
>
>
>
>  Greetings,
>
>  I am running syslog-ng-3.3.5-1 on CentOS release 6.3.
>
>  It seems like there is a subtle bug in syslog-ng or more likely a bug in
> my syslog-ng configuration. I am unable to get log message to appear in the
> other destinations besides /var/log/messages...
>
>  I've tried testing like this:
>
>  logger info.local3 howdy
>  logger info.local5 howdy
>  logger info.local6 howdy
>  logger emerg.local6 howdy
>
>  However the log messages only show up in /var/log/messages.
> I wonder why!
> Any help, observations or suggestions would be much appreciated.
>
>  Thanks!
> David
>
>
>  PS Here is my simple config:
>
>  @version: 3.3
>
>  options {
>   create_dirs (yes);
>   dir_perm(0755);
>   keep_hostname (yes);
>   perm(0644);
>   flush_lines (0);
>   time_reopen (10);
>   use_dns (yes);
>   use_fqdn (no);
> };
>
>  source s_sys {
>   file ("/proc/kmsg" program_override("kernel: "));
>   unix-stream ("/dev/log");
>   internal();
>   unix-stream ("/var/named/chroot/dev/log" optional(yes));
> };
>
>  destination d_mesg { file("/var/log/messages"); };
> destination d_app { file("/var/log/philotic/$PROGRAM.log"); };
> destination d_app_event { file("/var/log/philotic/$PROGRAM-event.log"); };
> destination d_philotic  { file("/var/log/philotic/$PROGRAM.log"); };
>
>  filter f_info { level(info..emerg) };
>
>  filter f_default    { level(info..emerg)
>   and not (
>     facility(mail)
>     or
>     facility(authpriv)
>     or
>     facility(cron)
>     or
>     facility(local6)
>     or
>     facility(local5)
>     or
>     facility(14)
>   );
> };
>
>  filter f_app_event { facility(local3); };
> filter f_app   { facility(local6); };
> filter f_philotic   { facility(local5); };
>
>  log { source(s_sys); filter(f_default); destination(d_mesg); };
> log { source(s_sys); filter(f_info); filter(f_app); destination(d_app); };
> log { source(s_sys); filter(f_info); filter(f_app_event);
> destination(d_app_event); };
> log { source(s_sys); filter(f_info); filter(f_philotic);
> destination(d_philotic); };
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130226/0b177a48/attachment.htm

More information about the syslog-ng mailing list