syslog-ng issue
I'm trying to clean up my logging using syslog-ng (version
1.5.6-1). The problem at this point is that my firewall
(iptables) logs are showing up in my newly set up firewall log
file, and still in the messages, kern.log and syslog files.
I used the default syslog-ng.conf file and added the following
lines to the appropriate sections:
destination firewall { file("/var/log/firewall" owner("root") group("adm") perm(0640)); };
filter f_firewall { match("Dropped: .*IN=.*OUT=.*"); };
log { source(src); filter(f_firewall); destination(firewall); };
My desire is to have all firewall logs go ONLY to the firewall
log file.
Does the order in which these entries occur matter? I just
noticed that the destination entry was at the end of that
section while the filter and log entries are at the beginning.
I moved the destination entry to the beginning of that
section and will watch the logs.
thanks for any help...jc
--
Jeff Coppock Nortel Networks
Systems Engineer http://nortelnetworks.com
Major Accts. Santa Clara, CA
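
Added example (not part of the original post): syslog-ng evaluates every log statement on its own, so a message that matches several log statements is written to each matching destination, wherever the destination and filter definitions sit in the file. The fragment below shows two ways to keep the matched lines out of the other files; it assumes the installed release supports flags(final), and f_kern_nofw and the kern destination are hypothetical names standing in for the default file's own entries.

```conf
# Added example, not from the original post.
# "src", f_firewall and the firewall destination are the poster's names;
# f_kern_nofw and the kern destination below are hypothetical.

destination firewall {
    file("/var/log/firewall" owner("root") group("adm") perm(0640));
};
filter f_firewall { match("Dropped: .*IN=.*OUT=.*"); };

# Option 1: stop processing once the firewall statement matches.
# This log statement must appear BEFORE the other log statements,
# because flags(final) only suppresses the statements that follow it.
# Assumption: the running syslog-ng release supports flags(final).
log {
    source(src);
    filter(f_firewall);
    destination(firewall);
    flags(final);
};

# Option 2: exclude firewall lines from each of the other filters by
# referencing f_firewall inside them. Repeat the "and not filter(...)"
# clause for every filter that feeds messages, kern.log and syslog.
filter f_kern_nofw { facility(kern) and not filter(f_firewall); };
destination kern { file("/var/log/kern.log"); };
log { source(src); filter(f_kern_nofw); destination(kern); };
```

After reloading syslog-ng, a new dropped-packet line should appear in /var/log/firewall and in none of the other three files.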