No sweat, Tom. And no laughing.

Not sure how to *exclude* things, but I use two catchall statements.
(And I avoid fancy extensions to the original specification: keep it simple.)
So my /etc/syslog.conf looks mostly like ...

        *.info /var/log/messages
        *.info @loghost

The first statement routes all event types (the asterisk) with a priority of "info" or more to the common file. The second statement routes the same traffic to a remote SYSLOG listener. (I like using UDP for a lot of reasons, and you didn't ask, so skipping for now.)
But I think you already know this part. Moving on then.

Is your catchall working?

So you want to exclude certain traffic? Would it be acceptable to replace the catchall(s) with a number of specific statements?

The way SYSLOG routes traffic is by the facility name. (I used an asterisk in the example, but you can code any of the ten or so pre-defined facilities, and/or make up your own as "local1" or "local5" or whatever.)
So maybe ...

        auth.info       /var/log/messages
        cron.info       /var/log/messages
        daemon.info     /var/log/messages
        kern.info       /var/log/messages
        security.info   /var/log/messages
        user.info       /var/log/messages
         ... so on ...
        local2.info     /var/log/otherfile
        local7.info     /var/log/thirdfile

Does this help?

-- R; <><


On 7/24/23 14:42, Tom Longfellow wrote:
I apologize to all who have seen this before. BUT since I cannot find my
original post here, I am going to try again.

I am sure that all of the Unix gurus will laugh at my ignorance, but I still cannot
break through this wall. The syntax of syslogd.conf is a complete mystery of
arcane directives that I have been unable to juggle.

I currently have a setup that sends all messages from TASKA to LOGA... All
messages from TASKB to LOGB.
There is also a 'catchall' that sends all the messages to a common log file.

What I would 'like' to do is replace the 'catchall' with a selection screen
that excludes TASKA and TASKB messages but still collects the rest of the syslog
traffic.

=-=-=--=-=-
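
The facility.priority routing discussed in this thread, as an added example that is not part of either message: a small Python model that evaluates the catchall rules and the per-facility rules from the reply against a few constructed messages. It assumes every matching rule fires and that a priority in a rule means "this level or more urgent"; the function names and test messages are made up for illustration.

```python
# Added example (not from the thread): a small model of syslog.conf routing.
# Only the plain "facility.priority action" form used in the reply is handled.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_rules(conf_text):
    """Return (facility, priority, action) tuples, skipping blanks and comments."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        facility, priority = selector.split(".", 1)
        if priority not in PRIORITIES:
            raise ValueError(f"unsupported priority in rule: {line!r}")
        rules.append((facility, priority, action.strip()))
    return rules


def route(rules, facility, priority):
    """List every action whose rule matches; PRIORITIES runs most to least urgent."""
    level = PRIORITIES.index(priority)
    return [action for fac, pri, action in rules
            if fac in ("*", facility) and level <= PRIORITIES.index(pri)]


CATCHALL = """
*.info /var/log/messages
*.info @loghost
"""

PER_FACILITY = """
auth.info /var/log/messages
cron.info /var/log/messages
daemon.info /var/log/messages
kern.info /var/log/messages
user.info /var/log/messages
local2.info /var/log/otherfile
local7.info /var/log/thirdfile
"""

if __name__ == "__main__":
    for name, conf in (("catchall", CATCHALL), ("per-facility", PER_FACILITY)):
        rules = parse_rules(conf)
        for fac, pri in (("daemon", "err"), ("local2", "notice"), ("mail", "warning")):
            print(f"{name:12} {fac}.{pri:8} -> {route(rules, fac, pri)}")
```

With the per-facility rules, the constructed mail.warning message matches nothing: any facility left out of the list is no longer logged anywhere, which is worth checking before removing a catchall from a host whose logs feed monitoring.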

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
