[syslog-ng] Unable to Filter Based On Facility into Different Files

wiskbroom at hotmail.com wiskbroom at hotmail.com
Fri Apr 21 13:37:45 UTC 2017


I am trying to rewrite syslog-ng.conf to create files based on facilities; one way for non-auth messages, another for all authentication messages (ssh, su, sudo, and console logins).

I believe I have two issues with my statements below:

1. My ${HOST}- might be incorrect.

2. Am I able to write two filters for a single source? My single source in this case are Linux boxes, all sending their syslog traffic to my syslog-NG server with *.*.

My statements below, comments and criticism very welcome.

filter f_linux_secure   { facility(authpriv) and level(info..emerg); };
filter f_linux_messages { level(info..emerg); };

destination d_linux_secure      {
        file("/data/Linux/${HOST}-secure.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
destination d_linux_messages    {
        file("/data/Linux/${HOST}-messages.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));

log { source(s_remote);         filter(f_linux_secure); destination(d_linux_secure); flags(final); };
log { source(s_remote);         filter(f_linux_messages); destination(d_linux_messages); flags(final); };


Vadim Anatoly Pushkin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170421/75c1e12f/attachment.html>

More information about the syslog-ng mailing list