[syslog-ng] Syslog-ng not honoring negative flag

Dan Egli dan at newideatest.site
Wed Apr 7 05:17:51 UTC 2021


I'm having a bit of a problem and hope someone here can help. I'm trying 
to separate individual items into specific logs, i.e. ssh events in 
sshd.log, samba messages in samba.log, etc...

I managed to come up with filters that pull out the events I started 
with, and they are going into the correct log files. But they are ALSO 
going into /var/log/messages even though I specifically have a filter on 
that one that says not to include samba or sshd events. I'll copy my 
config file here. Hopefully someone can tell me what I did wrong.

Thanks!

---------------------------------------------
@version: 3.30

@include "scl.conf"

options {
     threaded(yes);
     chain_hostnames(no);
     stats_freq(43200);
     mark_freq(3600);
};

source src { system(); internal(); };

filter samba { program("samba"); };
filter ssh_messages { facility("AUTH") and level("INFO"); };
filter syslog { not filter("ssh_messages") and not filter("samba"); };

destination console { file("/dev/tty12"); };
destination messages { file("/var/log/messages"); };
destination sshd_log { file("/var/log/sshd/sshd.log"); };
destination smb_logs { file("/var/log/samba/samba.log"); };

log { source(src); destination(smb_logs); filter(samba); flags(final); };
log { source(src); destination(sshd_log); filter(ssh_messages); flags(final); };
log { source(src); destination(console); filter(syslog); };
log { source(src); destination(messages); filter(syslog); };


