On Tue, 6 Apr 2021 23:11:15 -0600, Dan Egli wrote:

> Before I seek out a mailing list for syslog-ng, I was hoping I could
> get some tips from people here. I recently started trying to separate
> logs into various functions rather than letting everything go to 
> /var/log/messages. So I created three filters in syslog-ng. One is 
> intended to separate sshd messages, one to separate samba messages, and 
> the other to say "everything ELSE". The problem I seem to be having is 
> that the everything ELSE log still shows things that should have been 
> removed! For example, when I login via ssh I get identical notification 
> in the /var/log/messages and in /var/sshd/sshd.log. So I'm lost. I'm 
> including my syslog-ng.conf. Perhaps someone here can tell me what I'm 
> doing wrong.

> filter samba { program("samba"); };
> filter ssh_messages { facility("AUTH") and level("INFO"); };
> filter syslog { not filter("ssh_messages") and not filter("samba"); };

Shouldn't this be an or? You are filtering out anything that is in both
groups, which will be a very small set of messages.


-- 
Neil Bothwick

Ralph's Observation - It is a mistake to allow any mechanical object
to realize that you are in a hurry.
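
How the three filters quoted above classify a handful of messages, with the catch-all written both ways, as an added example that is not part of the original thread. The sample messages are constructed, the Python functions are a simplified model of syslog-ng's `program()`, `facility()` and `level()` matching, and the `or` variant is hypothetical (it does not appear in the posted config).

```python
import re

# Constructed sample messages (not from the thread): program, facility, level.
MESSAGES = [
    {"program": "sshd",  "facility": "auth",     "level": "info"},
    {"program": "sshd",  "facility": "auth",     "level": "warning"},
    {"program": "sshd",  "facility": "authpriv", "level": "info"},
    {"program": "samba", "facility": "daemon",   "level": "info"},
    {"program": "cron",  "facility": "cron",     "level": "info"},
]

def samba(m):
    # Simplified model of program("samba"): regex search on the program name.
    return re.search("samba", m["program"]) is not None

def ssh_messages(m):
    # Model of facility("AUTH") and level("INFO"): both conditions must hold.
    return m["facility"] == "auth" and m["level"] == "info"

def catch_all_and(m):
    # not filter("ssh_messages") and not filter("samba"), as posted
    return not ssh_messages(m) and not samba(m)

def catch_all_or(m):
    # Hypothetical variant: not filter("ssh_messages") or not filter("samba")
    return not ssh_messages(m) or not samba(m)

def classify(messages, catch_all):
    """Return, per message, the names of the filters it passes."""
    filters = (("ssh_messages", ssh_messages), ("samba", samba),
               ("syslog", catch_all))
    return [(m["program"], m["facility"], m["level"],
             [name for name, f in filters if f(m)]) for m in messages]

if __name__ == "__main__":
    for label, f in (("and", catch_all_and), ("or", catch_all_or)):
        print(f"catch-all written with '{label}':")
        for program, facility, level, hits in classify(MESSAGES, f):
            print(f"  {program:6} {facility:9} {level:8} -> {', '.join(hits)}")
```

Only messages that are both facility `auth` and level `info` pass `ssh_messages`; the other two constructed sshd lines pass the catch-all under either form.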
