Re: [gentoo-user] syslog-ng: filter plugin NOT not found ????

2020-12-16 Thread Dan Egli
23 is the hard coded constant for local7. They are identical. 
facility(23) and facility(local7) mean the exact same thing.


On 12/16/2020 10:30 AM, David Haller wrote:

> Hello,
>
> On Wed, 16 Dec 2020, Todd Goodman wrote:
>> I think you need a semi-colon inside and after the right curly brace ('}')
>>
>> Your right braces are parentheses and not right curly braces too (maybe a cut
>> and paste issue?)
>>
>> FWIW, the following is what I use to separate my mail logs out and it works:
>>
>> destination messages { file("/var/log/messages"); };
>> destination maillog { file("/var/log/maillog"); };
>>
>> filter f_mail { facility(mail); };
>> filter f_messages { not facility(mail); };
>>
>> log { source(src); filter(f_mail); destination(maillog); };
>> log { source(src); filter(f_messages); destination(messages); };
>>
>> On 12/15/2020 10:44 PM, Dan Egli wrote:
>>> Help me understand this, please?  I have ISC dhcpd configured to log to
>>> syslog.local7 (since I don't see an option to force it into its own log
>>> file). So I went into my syslog-ng file and created two filters, just
>>> like on the example page of syslog-ng.com:
>>>
>>> filter dhcpmsgs { facility(23) );
>>> filter non_dhcp { NOT filter(dhcpmsgs) )
>
> Also, where's that '23' coming from? Shouldn't that be
>
> filter dhcpmsgs { facility(local7); };
>
> HTH,
> -dnh


--
Dan Egli
From my Test Server




Re: [gentoo-user] syslog-ng: filter plugin NOT not found ????

2020-12-16 Thread Dan Egli
Well, I'm starting to make progress. But something isn't right. I found 
out the plugin error was due to the fact that despite syslog-ng.com 
showing the reversal as NOT, the actual statement is not (all lower case 
vs all upper case). So that means that syslog-ng loads just fine. But I 
can't get the dhcp output to where I want it. If I have the syslog 
facility in dhcpd turned on, or if I redirect the output to a file in 
systemd, then I get dhcpd messages in the file AND in the syslog itself 
(/var/log/messages). No matter what I try, the dhcpd output ALWAYS goes 
to syslog. I can get it to go to a separate file TOO, but not ONLY. 
Here's the entire syslog-ng.conf and the service file for dhcpd. 
Hopefully you guys can figure something out I missed:



(dhcpd4.service)
[Unit]
Description=DHCPv4 Server Daemon
Documentation=man:dhcpd(8) man:dhcpd.conf(5)
After=network.target
After=time-sync.target
After=network-online.target
Wants=network-online.target
StandardOut=null
StandardError=null

[Service]
ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcp -group dhcp --no-pid


[Install]
WantedBy=multi-user.target


With everything going to null, you'd think that with the syslog statement 
in dhcpd.conf disabled, I'd get no log at all. But I still get the log 
in /var/log/messages. Here's syslog-ng.conf:

@version: 3.26

options {
    threaded(yes);
    chain_hostnames(no);
    stats_freq(43200);
    mark_freq(3600);
};
filter dhcpfilter { facility(local7); };
filter nondhcp { not filter(dhcpfilter); };
source src { system(); internal(); };
destination messages { file("/var/log/messages"); };
destination dhcplog { file("/var/log/dhcpd.log");  };
destination console_all { file("/dev/tty12"); };
log { source(src); filter(nondhcp); destination(messages);  };
log { source(src); destination(console_all); };
log { source(src); filter(dhcpfilter); destination(dhcplog);  };


And for what it's worth, here's my dhcpd.conf:
default-lease-time 3600;
max-lease-time 43200;

# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim;

authoritative;

# log-facility local7;


allow booting;

subnet 10.0.2.0 netmask 255.255.255.0 {
# no services at all!
}

subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.128 192.168.10.254;
    if exists user-class and option user-class = "iPXE" {
    filename "pxelinux.efi";
    } else {
    filename "pxelinux.0";
    }
    next-server 192.168.10.3;
    option domain-name-servers 192.168.10.2, 8.8.8.8;
    option domain-name "eglifamily.name";
    option routers 192.168.10.1;
}

host testbox-1 {
    hardware ethernet 08:00:27:D5:AA:3C;
    fixed-address 192.168.10.64;
    option host-name "testbox-1";
    ddns-hostname "testbox-1.eglifamily.name";
}


--
Dan Egli
From my Test Server
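
Added example, not part of the thread and not syslog-ng code: a small Python model of how the syslog-ng.conf posted above routes a message by facility. It decodes the <PRI> prefix (facility * 8 + severity), treats facility(23) and facility(local7) as the same test, and evaluates each log path independently. The sample lines and the host name "testhost" are constructed; per dhcpd.conf(5), dhcpd logs to the daemon facility when log-facility is not set.

```python
import re

# Standard syslog facility codes; syslog-ng's facility() takes a name or the number.
CODES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
         "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
         **{f"local{i}": 16 + i for i in range(8)}}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def facility_code(line):
    """Decode the facility from the <PRI> prefix: PRI = facility * 8 + severity."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 191 = local7.debug, the largest valid PRI
        raise ValueError("missing or out-of-range <PRI>")
    return int(m.group(1)) >> 3

def facility(arg):
    """Model of a facility() filter; arg is a name ('local7') or a code (23)."""
    want = arg if isinstance(arg, int) else CODES[arg]
    return lambda line: facility_code(line) == want

dhcpfilter = facility("local7")
nondhcp = lambda line: not dhcpfilter(line)   # lower-case 'not' in the real config

# The three log paths of the posted config, in order. Each one is evaluated on
# its own, so one message can reach several destinations.
LOG_PATHS = [(nondhcp, "/var/log/messages"),
             (None, "/dev/tty12"),
             (dhcpfilter, "/var/log/dhcpd.log")]

def route(line):
    """Return every destination that would receive this message."""
    return [dest for flt, dest in LOG_PATHS if flt is None or flt(line)]

# Constructed sample messages (not taken from the thread).
AS_LOCAL7 = "<190>Dec 16 10:30:01 testhost dhcpd[812]: DHCPACK on 192.168.10.130"
AS_DAEMON = "<30>Dec 16 10:30:01 testhost dhcpd[812]: DHCPACK on 192.168.10.130"

if __name__ == "__main__":
    for sample in (AS_LOCAL7, AS_DAEMON):
        print(facility_code(sample), route(sample))
```

In this model a dhcpd message tagged local7 reaches only dhcpd.log and the console, while the same message tagged daemon passes nondhcp and lands in /var/log/messages.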




Re: [gentoo-user] syslog-ng: filter plugin NOT not found ????

2020-12-16 Thread David Haller
Hello,

On Wed, 16 Dec 2020, Todd Goodman wrote:
>I think you need a semi-colon inside and after the right curly brace ('}')
>
>Your right braces are parentheses and not right curly braces too (maybe a cut
>and paste issue?)
>
>FWIW, the following is what I use to separate my mail logs out and it works:
>
>destination messages { file("/var/log/messages"); };
>destination maillog { file("/var/log/maillog"); };
>
>filter f_mail { facility(mail); };
>filter f_messages { not facility(mail); };
>
>log { source(src); filter(f_mail); destination(maillog); };
>log { source(src); filter(f_messages); destination(messages); };
>
>On 12/15/2020 10:44 PM, Dan Egli wrote:
>> Help me understand this, please?  I have ISC dhcpd configured to log to
>> syslog.local7 (since I don't see an option to force it into its own log
>> file). So I went into my syslog-ng file and created two filters, just
>> like on the example page of syslog-ng.com:
>> 
>> filter dhcpmsgs { facility(23) );
>> filter non_dhcp { NOT filter(dhcpmsgs) )

Also, where's that '23' coming from? Shouldn't that be

filter dhcpmsgs { facility(local7); };

HTH,
-dnh

-- 
printk(KERN_DEBUG "%s: Flex. T...\n", DRV_NAME);
linux-2.6.6/drivers/net/wan/dscc4.c



Re: [gentoo-user] syslog-ng: filter plugin NOT not found ????

2020-12-16 Thread Todd Goodman

I think you need a semi-colon inside and after the right curly brace ('}')

Your right braces are parentheses and not right curly braces too (maybe a 
cut and paste issue?)


FWIW, the following is what I use to separate my mail logs out and it works:

destination messages { file("/var/log/messages"); };
destination maillog { file("/var/log/maillog"); };

filter f_mail { facility(mail); };
filter f_messages { not facility(mail); };

log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_messages); destination(messages); };

On 12/15/2020 10:44 PM, Dan Egli wrote:
> Help me understand this, please?  I have ISC dhcpd configured to log
> to syslog.local7 (since I don't see an option to force it into its
> own log file). So I went into my syslog-ng file and created two
> filters, just like on the example page of syslog-ng.com:
>
> filter dhcpmsgs { facility(23) );
> filter non_dhcp { NOT filter(dhcpmsgs) )
>
> I quoted almost directly from the example page on syslog-ng.com, but I
> keep getting this error when I reload syslog-ng's config:
> Error parsing filter expression, filter plugin NOT not found OR you
> may not used double quotes in your filter expression in
> /etc/syslog-ng/syslog-ng.conf:25:18-25:21:
>
> What did I do wrong? Here's the lines I modified from the syslog-ng page:
> filter demo_filter { host("example") and match("deny" value("MESSAGE")) };
> filter inverted_demo_filter { NOT filter(demo_filter) }
>
> You can see the page at:
> https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/53







[gentoo-user] syslog-ng: filter plugin NOT not found ????

2020-12-15 Thread Dan Egli
Help me understand this, please?  I have ISC dhcpd configured to log to 
syslog.local7 (since I don't see an option to force it into its own log 
file). So I went into my syslog-ng file and created two filters, just 
like on the example page of syslog-ng.com:


filter dhcpmsgs { facility(23) );
filter non_dhcp { NOT filter(dhcpmsgs) )

I quoted almost directly from the example page on syslog-ng.com, but I 
keep getting this error when I reload syslog-ng's config:
Error parsing filter expression, filter plugin NOT not found OR you may 
not used double quotes in your filter expression in 
/etc/syslog-ng/syslog-ng.conf:25:18-25:21:


What did I do wrong? Here's the lines I modified from the syslog-ng page:
filter demo_filter { host("example") and match("deny" value("MESSAGE")) };
filter inverted_demo_filter { NOT filter(demo_filter) }

You can see the page at: 
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/53



--
Dan Egli
From my Test Server