On Fri, Aug 27, 2004 at 06:20:27PM -0400, Stephen Gran wrote:
Hello all,
I am sorry to have to ask this here - it seems like it just should be
working, but it's not, and I am now starting to get frustrated.
At work we have several machines that output a lot of garbage to syslog,
most of which we don't need to see. The programs responsible for the
garbage are also capable of sending admin emails for alerts, so I thought
that a nice idea might be to have syslog log all of the messages to a
seperate file that we don't logcheck, and look them over if there's an
email or a problem (don't worry - these are non-mission critical type
apps, and are not network accessible, so I am not too worried about
missing a message for a little while).
I can configure the loglevel that the apps log to, fortunately, but it
doesn't seem to be working correctly. So, if I am logging to syslog
level local7, I add this to syslog.conf as the first uncommented line:
local7.* /var/log/noisy.log
and hup syslog. I now see the messages from the apps in noisy.log, but
I still see the chatter in syslog :( Does anyone see anything obviously
wrong with this, to help save me from tearing hair out?
Thanks,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
syslog.conf don't work as a filter (check line for line, stop at first match)
like iptables or sisco accesslists do.
If you stil got the default catch all ine:
*.*;auth,authpriv.none -/var/log/syslog
in syslog.conf, the messsages goes there too.
--
Frode Haugsgjerd
Norway