On 12/22/2013 03:17 PM, Tanstaafl wrote:
>
> I'd still like everything to go to /var/log/messages, but I'd like to
> also send certain types of messages to different logs to simplify
> troubleshooting, etc - ie, I often peruse the logs with:
>
> egrep '(reject|warning|error|fatal|panic):' /var/log/messages
>
> But I'd like to actually feed all of those messages to a separate log,
> for easier tailing.
For each separate log you want, you'll need a destination/filter pair,
and you'll have to tie them together with a "log" directive. For example,
destination warnlog { file("/var/log/warn.log"); };
filter f_warn { level(warn); };
log { source(src); filter(f_warn); destination(warnlog); };
