2009/2/4 Yannick Mortier
> 2009/2/4 Marcin Niskiewicz :
> Hello Marcin!
> I imply that you already have done some modifications to your
> syslog-ng.conf as logging everything the user type on the console is
> not in the standard file that comes with gentoo.
>
> Basically syslog-ng has got sources and destinations. So you have to
> take a look at your syslog-ng.conf and find out the name of the
> sources and the name of the destination of the history.log file.
>
> Then you can simply add the following line (replace the variables
> accordingly)
>
> log { source([source that was previously used for debug]);
> source([source that was previously used for syslog]); source([source
> that was previously used for messages]); destination([destination of
> history.log]) };
>
> If all the sources give you the same messages or they are one and the
> same source just insert only this one. If your history.log file was
> not defined by now you can simply add it as a destination with
>
> destination [name] { file("[path-to-history.log]/history.log");}
>
> Also if there are other log lines that contain the sources and the
> destinations that you mentioned you have to remove them completely if
> they only contain this one source or just remove the source that
> delivers the history.
>
> Then syslog-ng should only log into history.log
>
> Greetings
>
>
> --
> Currently developing a browsergame...
> http://www.p-game.de
> Trade - Expand - Fight
>
> Follow me at twitter!
> http://twitter.com/moortier
>
>
As I can see I wrote my post unclearly ;)
I meant that in standard configuration (without any changes) everything
typed in console is written to those 3 files (debug , syslog, messages)
And I would like syslog not to log history in those 3 files.
So I made filter to route it to history.log
It works fine (it writes history to history.log) but still it writes it to
those 3 files (debug , syslog, messages) as well ...
so now everything I type is written to 4 files (debug , syslog, messages and
history.log) and I'd like it to be written only to 1 file.
I hope it's clear now ;)
regards
My STANDARD configuration (with my modifiication to route history to
history.log) looks like this:
# Copyright 2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header:
/var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v
1.5 2007/10/30 17:16:15 solar Exp $
#
# Syslog-ng configuration file, compatible with default hardened
installations.
#
options {
chain_hostnames(off);
sync(0);
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination mail { file("/var/log/mail/mail.log"); };
destination avc { file("/var/log/avc.log"); };
destination audit { file("/var/log/audit.log"); };
destination pax { file("/var/log/pax.log"); };
destination grsec { file("/var/log/grsec.log"); };
destination historia { file("/var/log/history.log"); };
destination mailinfo { file("/var/log/mail/mail.info"); };
destination mailwarn { file("/var/log/mail/mail.warn"); };
destination mailerr { file("/var/log/mail/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination xconsole { pipe("/dev/xconsole"); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_avc { match(".*avc: .*"); };
filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
filter f_pax { match("^PAX:.*"); };
filter f_grsec { match("^grsec:.*"); };
filter f_history { match(".*HISTORY*"); };
log { sour
