[syslog-ng] Unable to Filter Based On Facility into Different Files
wiskbroom at hotmail.com
wiskbroom at hotmail.com
Fri Apr 21 13:37:45 UTC 2017
Greetings!
I am trying to rewrite syslog-ng.conf to create files based on facilities; one way for non-auth messages, another for all authentication messages (ssh, su, sudo, and console logins).
I believe I have two issues with my statements below:
1. My ${HOST}- might be incorrect.
2. Am I able to write two filters for a single source? My single source in this case are Linux boxes, all sending their syslog traffic to my syslog-NG server with *.*.
My statements below, comments and criticism very welcome.
filter f_linux_secure { facility(authpriv) and level(info..emerg); };
filter f_linux_messages { level(info..emerg); };
destination d_linux_secure {
file("/data/Linux/${HOST}-secure.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
destination d_linux_messages {
file("/data/Linux/${HOST}-messages.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
log { source(s_remote); filter(f_linux_secure); destination(d_linux_secure); flags(final); };
log { source(s_remote); filter(f_linux_messages); destination(d_linux_messages); flags(final); };
Regards,
Vadim Anatoly Pushkin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170421/75c1e12f/attachment.html>
More information about the syslog-ng
mailing list