23 is the hard coded constant for local7. They are identical. facility(23) and facility(local7) mean the exact same thing.

On 12/16/2020 10:30 AM, David Haller wrote:
Hello,

On Wed, 16 Dec 2020, Todd Goodman wrote:
I think you need a semi-colon inside and after the right curly brace ('}')

Your right braces are parentheses and not right curly braces too (maybe a cut
and paste issue?)

FWIW, the following is what I use to separate my mail logs out and it works:

destination messages { file("/var/log/messages"); };
destination maillog { file("/var/log/maillog"); };

filter f_mail { facility(mail); };
filter f_messages { not facility(mail); };

log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_messages); destination(messages); };

On 12/15/2020 10:44 PM, Dan Egli wrote:
Help me understand this, please?  I have ISC dhcpd configured to log to
syslog.local7 (since I don't see an option to force it into its own log
file). So I went into my syslog-ng file and created two filters, just
like on the example page of syslog-ng.com:

filter dhcpmsgs { facility(23) );
filter non_dhcp { NOT filter(dhcpmsgs) )
Also, where's that '23' coming from? Shouldn't that be

     filter dhcpmsgs { facility(local7); };

HTH,
-dnh

--
Dan Egli
From my Test Server
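
The two filters from the original question with the corrections suggested in this thread applied (curly braces, semicolons, lowercase `not`), as an added example that is not part of any poster's message. The destination names and the `/var/log/dhcpd.log` path are assumptions, and the `src` source is assumed to be defined elsewhere, as in the configuration quoted above.

```conf
# Added example; dhcplog, messages and the dhcpd.log path are assumed names.
# source "src" is assumed to be defined elsewhere in syslog-ng.conf.

destination dhcplog  { file("/var/log/dhcpd.log"); };
destination messages { file("/var/log/messages"); };

# Each filter body is enclosed in curly braces, with a semicolon after the
# expression inside the braces and another after the closing brace.
filter dhcpmsgs { facility(local7); };
filter non_dhcp { not filter(dhcpmsgs); };

# dhcpd messages (facility local7) go to their own file ...
log { source(src); filter(dhcpmsgs); destination(dhcplog); };
# ... and everything else goes to the general log.
log { source(src); filter(non_dhcp); destination(messages); };
```

Running `syslog-ng --syntax-only` against the edited file reports syntax errors such as a missing semicolon or mismatched brace before the daemon is reloaded.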

