
List:       syslog-ng
Subject:    [syslog-ng] filtering logs from a file?
From:       Steven Matkoski <matkoski () nysernet ! org>
Date:       2006-02-28 14:15:19
Message-ID: 6.2.3.4.2.20060228085131.0478c910 () ms ! nysernet ! org

Hi,

I am using syslog-ng 1.6.5-2.2 on a Debian box in a chroot environment.
I have a default configuration except for gathering log messages from a
few routers, a pix, and vpn concentrator. I have the logs going into the files
I want, but the logs are also going into files I don't want. I currently have all
the routers logging into a routers/ directory and the pix and vpn logging into
a security/ directory, but the pix and vpn are also logging into the router
directory which I would like to stop. I have tried a bunch of different filters
but nothing seems to work. Any help appreciated.

My configuration:

# router syslog
source s_syslogd { udp(ip(0.0.0.0) port(514)); };

# router syslog
destination d_router { file("/var/log/routers/$HOST"); };
destination d_security { file("/var/log/security/$HOST"); };

# router syslog
filter f_router {
         not host(/<vpn ip>/)
         or not host(/<pix ip>/);
};

filter f_security { host(<vpn ip>) or host(<pix ip>); };

# router.*
#log { source(s_syslogd); filter(f_router); destination(d_router); };
log { source(s_syslogd); destination(d_router); };

# firewall, vpn concentrator
log { source(s_syslogd); filter(f_security); destination(d_security); };

thanks.
-s.
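
The configuration above with the router filter corrected and applied, as an added example that is not part of the original post. `<vpn ip>` and `<pix ip>` are the post's own placeholders; quoting the `host()` patterns is an assumption about how they would be written once filled in.

```conf
# Added example, not from the original post. <vpn ip> and <pix ip> are the
# post's own placeholders; substitute patterns that match those two hosts.

source s_syslogd { udp(ip(0.0.0.0) port(514)); };

destination d_router   { file("/var/log/routers/$HOST"); };
destination d_security { file("/var/log/security/$HOST"); };

# Matches only the VPN concentrator and the PIX.
filter f_security { host("<vpn ip>") or host("<pix ip>"); };

# As posted: "not A or not B" is true for every sender, because no single
# host matches both patterns, so this filter excludes nothing.
#filter f_router { not host("<vpn ip>") or not host("<pix ip>"); };

# Corrected: a router is a host that is neither the VPN nor the PIX.
filter f_router { not host("<vpn ip>") and not host("<pix ip>"); };

# The filtered statement has to be the active one. The unfiltered
#   log { source(s_syslogd); destination(d_router); };
# writes every sender, PIX and VPN included, into routers/.
log { source(s_syslogd); filter(f_router);   destination(d_router); };
log { source(s_syslogd); filter(f_security); destination(d_security); };
```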
