
syslog-ng issue



   I'm trying to clean up my logging using syslog-ng (version
   1.5.6-1).  The problem at this point is that my firewall
   (iptables) logs are showing up in my newly set up firewall log
   file, and still in the messages, kern.log and syslog files.
   
   I used the default syslog-ng.conf file and added the following
   lines to the appropriate sections:
   
   destination firewall { file("/var/log/firewall" owner("root")
   group("adm") perm(0640)); };

   filter f_firewall { match("Dropped: .*IN=.*OUT=.*"); };
    
   log { source(src); filter(f_firewall); destination(firewall); };
   
   My desire is to have all firewall logs go ONLY to the firewall
   log file.
   
   Does the order in which these entries occur matter?  I just
   noticed that the destination entry was at the end of that
   section while the filter and log entries are at the beginning.
   I moved the destination entry to the beginning of that
   section and will watch the logs.
   
   thanks for any help...jc
   
-- 

Jeff Coppock		Nortel Networks
Systems Engineer	http://nortelnetworks.com
Major Accts.		Santa Clara, CA


