[syslog-ng] Unable to Filter Based On Facility into Different Files

Dwijadas Dey dwijad at gmail.com
Fri Apr 21 14:08:24 UTC 2017


Hi,
   Final flags respond with only top-level log paths. You can use an embedded
log statement to achieve your goal.



log {
    log {
        source(s_remote);
        filter(f_linux_secure);
        destination(d_linux_secure);
        flags(final);
    };

    log {
        source(s_remote);
        filter(f_linux_messages);
        destination(d_linux_messages);
    };
};


https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-embedded-logpaths.html

Regards

On Fri, Apr 21, 2017 at 7:14 PM, wiskbroom at hotmail.com <
wiskbroom at hotmail.com> wrote:

> Yes, I only want said messages in one of the two files, not both.
>
>
> Vadim Anatoly Pushkin
> ------------------------------
> *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
> james.r.hendrick <james.r.hendrick at gmail.com>
> *Sent:* Friday, April 21, 2017 9:40:20 AM
> *To:* Syslog-ng users' and developers' mailing list
> *Subject:* Re: [syslog-ng] Unable to Filter Based On Facility into
> Different Files
>
> flags (final) stops the processing in the first statement
>
>
>
> Sent from my Verizon, Samsung Galaxy smartphone
>
> -------- Original message --------
> From: wiskbroom at hotmail.com
> Date: 4/21/17 9:37 AM (GMT-05:00)
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Unable to Filter Based On Facility into Different
> Files
>
> Greetings!
>
>
> I am trying to rewrite syslog-ng.conf to create files based on facilities;
> one way for non-auth messages, another for all authentication messages
> (ssh, su, sudo, and console logins).
>
>
> I believe I have two issues with my statements below:
>
> 1. My ${HOST}- might be incorrect.
>
> 2. Am I able to write two filters for a single source? My single source in
> this case are Linux boxes, all sending their syslog traffic to my syslog-NG
> server with *.*.
>
>
> My statements below, comments and criticism very welcome.
>
>
> filter f_linux_secure   { facility(authpriv) and level(info..emerg); };
> filter f_linux_messages { level(info..emerg); };
>
>
> destination d_linux_secure      {
>         file("/data/Linux/${HOST}-secure.log" owner("root")
>              group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
> };
> destination d_linux_messages    {
>         file("/data/Linux/${HOST}-messages.log" owner("root")
>              group("systems") perm(0640) dir_perm(0750) create_dirs(yes));
> };
>
> log { source(s_remote);         filter(f_linux_secure);
> destination(d_linux_secure); flags(final); };
> log { source(s_remote);         filter(f_linux_messages);
> destination(d_linux_messages); flags(final); };
>
>
>
> Regards,
>
>
>
> Vadim Anatoly Pushkin


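The effect of flags(final) and of statement order on the two filters from this thread, as a small Python model added here (it is not syslog-ng code and not from either poster). It assumes top-level log paths evaluated in configuration order; the sample messages and host names are constructed.

```python
# Simplified model of syslog-ng top-level log paths (assumption: not syslog-ng code).
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def level_range(low, high):
    """Model of level(low..high): true when the severity lies between the two names."""
    a, b = sorted((SEVERITY.index(low), SEVERITY.index(high)))
    return lambda m: a <= SEVERITY.index(m["level"]) <= b

info_to_emerg = level_range("info", "emerg")
FILTERS = {  # filter names taken from the thread
    "f_linux_secure": lambda m: m["facility"] == "authpriv" and info_to_emerg(m),
    "f_linux_messages": info_to_emerg,
}
DESTINATIONS = {  # file templates taken from the thread, ${HOST} modelled as {host}
    "d_linux_secure": "/data/Linux/{host}-secure.log",
    "d_linux_messages": "/data/Linux/{host}-messages.log",
}

def route(messages, log_paths):
    """Evaluate log paths in order; a matching path flagged final
    stops later paths from seeing the message."""
    files = {}
    for msg in messages:
        for filt, dest, final in log_paths:
            if not FILTERS[filt](msg):
                continue
            path = DESTINATIONS[dest].format(host=msg["host"])
            files.setdefault(path, []).append(msg["text"])
            if final:
                break
    return files

# Constructed sample messages (hosts and texts are made up for illustration).
SAMPLE = [
    {"host": "web01", "facility": "authpriv", "level": "info", "text": "sshd: Accepted publickey for alice"},
    {"host": "web01", "facility": "authpriv", "level": "debug", "text": "sshd: debug1: channel 0 closed"},
    {"host": "web01", "facility": "daemon", "level": "warning", "text": "ntpd: clock step"},
    {"host": "db02", "facility": "authpriv", "level": "notice", "text": "sudo: bob : COMMAND=/bin/ls"},
]

WITH_FINAL = [("f_linux_secure", "d_linux_secure", True),
              ("f_linux_messages", "d_linux_messages", False)]
WITHOUT_FINAL = [(f, d, False) for f, d, _ in WITH_FINAL]        # duplicates auth lines
SWAPPED = [(f, d, True) for f, d, _ in reversed(WITH_FINAL)]    # broad filter first

if __name__ == "__main__":
    for name, paths in [("final", WITH_FINAL), ("no final", WITHOUT_FINAL), ("swapped", SWAPPED)]:
        print(name, route(SAMPLE, paths))
```

With the broad filter listed first and flagged final, the secure files are never written, so the order of the two statements matters as much as the flag.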