Re: syslog-ng issue
Jeff Coppock, 2001-Aug-05 09:04 -0700:
> I'm trying to clean up my logging using syslog-ng (version
> 1.5.6-1). The problem at this point is that my firewall
> (iptables) logs are showing up in my newly set up firewall log
> file, and still in the messages, kern.log and syslog files.
>
> I used the default syslog-ng.conf file and added the following
> lines to the appropriate sections:
>
> destination firewall { file("/var/log/firewall" owner("root")
> group("adm") perm(0640)); };
>
> filter f_firewall { match("Dropped: .*IN=.*OUT=.*"); };
>
> log { source(src); filter(f_firewall); destination(firewall); };
>
> My desire is to have all firewall logs go ONLY to the firewall
> log file.
>
> Does the order in which these entries occur matter? I just
> noticed that the destination entry was at the end of that
> section while the filter and log entries are at the beginning.
> I moved the destination entry to the beginning of that
> section and will watch the logs.
>
> thanks for any help...jc
Well, I figured it out. More time and reading always seems to
make a difference. Basically, I added another filter to "not"
match the firewall messages and used that filter with the
messages, kern.log and syslog log entries and it works great.
jc
--
Jeff Coppock Nortel Networks
Systems Engineer http://nortelnetworks.com
Major Accts. Santa Clara, CA
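
The fix described in the reply above, sketched as syslog-ng configuration. This is an added example, not the poster's actual config: the filter name f_not_firewall and the f_messages/f_kern/f_syslog filters and messages/kern/syslog destinations are assumed names for the stock entries in the default file.

```conf
# Added example. Only f_firewall, firewall and src come from the original
# post; every other name here is an assumption about the default config.

# From the original post: dedicated destination and matching filter.
# perm(0640) with group adm keeps the firewall log from being world-readable.
destination firewall { file("/var/log/firewall" owner("root") group("adm") perm(0640)); };
filter f_firewall { match("Dropped: .*IN=.*OUT=.*"); };

# Negated filter: true for every message that is NOT a firewall line.
filter f_not_firewall { not match("Dropped: .*IN=.*OUT=.*"); };

# Firewall messages go to their own file.
log { source(src); filter(f_firewall); destination(firewall); };

# A message is delivered by every log statement whose filters it passes,
# so adding the firewall log statement alone does not stop the same lines
# from reaching the general logs. Each general log statement gets the
# negated filter as well; several filter() references in one log
# statement are ANDed together.
log { source(src); filter(f_messages); filter(f_not_firewall); destination(messages); };
log { source(src); filter(f_kern);     filter(f_not_firewall); destination(kern); };
log { source(src); filter(f_syslog);   filter(f_not_firewall); destination(syslog); };
```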