On Thu, 23 Dec 2010, Mauricio Tavares wrote:
On 12/22/10 2:16 AM, [email protected] wrote:
On Wed, 22 Dec 2010, Mauricio Tavares wrote:
AFAIK, fail2ban is not a facility so something like this
fail2ban.* /var/log/fail2ban/fail2ban.log
should not work. However, it seems that
*.*;auth,authpriv.none;\
fail2ban.none; \
local6.none;local7.none -/var/log/syslog/syslog.log
works. How so?
when you say it 'works', what does it do?
What I wanted to happen is that output from fail2ban should not be
written into the syslog.log file. Instead it would go to its own file. How I
ended up achieving the latter was to say
if ($programname contains 'fail2ban') then /var/log/fail2ban/fail2ban.log
I *want* to say fail2ban is not writing to syslog.log right now, but since we
were not attached since last night I do not know if
*.*;auth,authpriv.none;\
fail2ban.none; \
local6.none;local7.none -/var/log/syslog/syslog.log
is working. From what I read, it shouldn't...
no, it wouldn't because fail2ban.none is not valid. the part in front of
the '.' is not an application name, it's a reserved name that maps to one
of ~16 possible facility values.
what I would expect would happen is that nothing would be written to
syslog.log with your example, because I would expect rsyslog to declare
that line invalid and ignore it at startup.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
