On 4/8/2021 9:59 AM, Dr Rainer Woitok wrote:
Dan,

On Wednesday, 2021-04-07 12:05:10 -0600, you wrote:

I had posted the whole file. But I can do it again easy enough.
...
filter samba { program("samba"); };
filter ssh_messages { facility("AUTH") and level("INFO"); };
filter syslog { not filter("ssh_messages") and not filter("samba"); };
Omit the double quotes in this last line. You're needing the NAMES of
the filters here.


I'm afraid that didn't work either.  I did as you said, and changed the syslog filter line to read: filter syslog { not filter(sshd) and not filter (samba); }; which would match the previous lines (see URL below). I still see sshd messages in /var/log/messages when I ssh into the machine. I'm totally lost. I've posted relevant files for everyone to see. All are updated in real time because they are either symlinks to the actual files, or are the target of a redirection directly:

https://www.newideatest.site/syslog-conf = /etc/syslog-ng/syslog-ng.conf
https://www.newideatest.site/syslog-out = output of syslog-ng -Fdav
https://www.newideatest.site/system_log = /var/log/messages


Any further ideas are most welcome.
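
The following is an added example, not part of the thread or of anyone's configuration: a small Python model of how the three filters quoted above combine, showing which messages a log path using only the negated `syslog` filter would still write to /var/log/messages. It assumes facility() and level() match exactly the one named facility and the one named level, and that program() is a regular-expression search on the program name; all sample messages are constructed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    program: str
    facility: str
    level: str
    text: str


# Predicates modelling the three filters quoted in the thread (a model, not syslog-ng itself).
def samba(m):
    # program("samba"), assumed to be a regex search on the program name
    return re.search("samba", m.program) is not None


def ssh_messages(m):
    # facility("AUTH") and level("INFO"), assumed to be exact matches
    return m.facility.lower() == "auth" and m.level.lower() == "info"


def syslog(m):
    # not filter(ssh_messages) and not filter(samba)
    return not ssh_messages(m) and not samba(m)


# Constructed sample messages (not taken from the poster's logs).
SAMPLES = [
    Msg("sshd", "auth", "info", "Accepted publickey for user from 192.0.2.10"),
    Msg("sshd", "authpriv", "info", "pam_unix(sshd:session): session opened"),
    Msg("sshd", "auth", "err", "error: maximum authentication attempts exceeded"),
    Msg("samba", "daemon", "info", "constructed samba message"),
    Msg("cron", "cron", "info", "constructed cron message"),
]


def reaches_messages(samples):
    """Messages kept by a log path whose only filter is filter(syslog)."""
    return [m for m in samples if syslog(m)]


def leaked_sshd(samples):
    """sshd messages that still pass, with the facility/level that let them through."""
    return [(m.facility, m.level) for m in reaches_messages(samples) if m.program == "sshd"]


if __name__ == "__main__":
    for m in SAMPLES:
        verdict = "/var/log/messages" if syslog(m) else "filtered out"
        print(f"{m.program:6} {m.facility:9} {m.level:5} -> {verdict}")
```

In this model, any sshd message whose facility is not auth or whose level is not info passes the negated filter, so the facility and level of the messages actually arriving are the thing to compare against the filter definition.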

