[syslog-ng] Unable to Filter Based On Facility into Different Files

james.r.hendrick james.r.hendrick at gmail.com
Fri Apr 21 13:40:20 UTC 2017


flags(final) stops the processing in the first statement


Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message --------
From: wiskbroom at hotmail.com
Date: 4/21/17  9:37 AM  (GMT-05:00)
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Unable to Filter Based On Facility into Different Files

I am trying to rewrite syslog-ng.conf to create files based on facilities; one way for non-auth messages, another for all authentication messages (ssh, su, sudo, and console logins).

I believe I have two issues with my statements below:
1. My ${HOST}- might be incorrect.
2. Am I able to write two filters for a single source? My single source in this case is the set of Linux boxes, all sending their syslog traffic to my syslog-ng server with *.*.

My statements below, comments and criticism very welcome.

filter f_linux_secure   { facility(authpriv) and level(info..emerg); };
filter f_linux_messages { level(info..emerg); };

destination d_linux_secure      {
        file("/data/Linux/${HOST}-secure.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
};

destination d_linux_messages    {
        file("/data/Linux/${HOST}-messages.log" owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote);         filter(f_linux_secure); destination(d_linux_secure); flags(final); };
log { source(s_remote);         filter(f_linux_messages); destination(d_linux_messages); flags(final); };

Regards,

Vadim Anatoly Pushkin 
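A complete configuration in the shape the original post is reaching for, added here as an example; it is not the poster's file and not taken from syslog-ng's own documentation. The source definition (s_remote listening on UDP 514 on all interfaces), the file paths and the owner/group values are assumptions carried over from the post; the matching of both auth and authpriv is a deliberate widening, since sshd on some platforms logs to auth rather than authpriv.

```conf
# Added example (not the original poster's config). Assumes the remote source
# below; change port/transport to match what the Linux hosts actually send.
source s_remote {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# sshd, su, sudo and login go to authpriv on most Linux distributions; some
# sshd builds and PAM setups use auth, so match both facilities.
filter f_linux_secure   { facility(auth, authpriv); };

# Catch-all for the second path. Dropping the filter entirely would also work;
# the severity range is kept only to document intent (everything but debug).
filter f_linux_messages { level(info..emerg); };

destination d_linux_secure {
    file("/data/Linux/${HOST}-secure.log"
         owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
};

destination d_linux_messages {
    file("/data/Linux/${HOST}-messages.log"
         owner("root") group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
};

# Order matters. flags(final) on the first path means a message that matched
# f_linux_secure is not offered to any later log statement, so auth traffic
# never also lands in the messages file. The second path therefore sees only
# what the first did not claim. One source may feed any number of log paths.
log { source(s_remote); filter(f_linux_secure);   destination(d_linux_secure);   flags(final); };
log { source(s_remote); filter(f_linux_messages); destination(d_linux_messages); };
```

Check the file with `syslog-ng -s` (syntax only) before reloading. Two things worth verifying on a running server: what `${HOST}` expands to for relayed messages depends on `keep_hostname()` and `use_dns()` in the `options` block, so confirm the per-host file names are the ones you expect; and a quick `logger -p authpriv.info test` versus `logger -p daemon.info test` from one of the clients shows whether the split between the two files behaves as intended.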
