On Thu, Aug 07, 2014 at 08:01:31PM +0000, "Jóhann B. Guðmundsson" wrote: > Give me an actual working example how this is solved using rsyslog/syslog-ng > filters
A quick (and probably dirty) way with syslog-ng: ------ % grep dnsmasq /etc/syslog-ng/syslog-ng.conf destination d_dnsmasq { file("/run/log/dnsmasq.log"); }; filter f_daemon { facility(daemon) and not level(debug) and not program(hostap) and not program(dnsmasq-dhcp); }; filter f_dnsmasq { program(dnsmasq-dhcp); }; log { source(src); filter(f_dnsmasq); destination(d_dnsmasq); }; ------ So, "dnsmasq-dhcp" is the prefix (used by dnsmasq by default) for "normal" messages, while "dnsmasq" -- for everything else. Here is some statistics: ------ % uptime 16:38:29 up 22 days, 22:05, 1 user, load average: 0.00, 0.01, 0.05 % wc -l /run/log/dnsmasq.log* 1212 /run/log/dnsmasq.log 972 /run/log/dnsmasq.log.1 2077 /run/log/dnsmasq.log.2 958 /run/log/dnsmasq.log.3 5219 total % head -n 2 /run/log/dnsmasq.log 2014-08-03T00:05:42.000000-04:00 metal-0 dnsmasq-dhcp[460]: DHCPREQUEST(br0) 10.0.0.4 30:39:26:e3:ec:4e 2014-08-03T00:05:42.000000-04:00 metal-0 dnsmasq-dhcp[460]: DHCPACK(br0) 10.0.0.4 30:39:26:e3:ec:4e android-2f74c9ab3fa43caa % for i in /var/log/daemon.log*; do echo $i; grep dnsmasq $i | wc -l; done /var/log/daemon.log 0 /var/log/daemon.log.1 1 /var/log/daemon.log.2 2 /var/log/daemon.log.3 11 /var/log/daemon.log.4 11 /var/log/daemon.log.5 0 /var/log/daemon.log.6 0 /var/log/daemon.log.7 23 /var/log/daemon.log.8 30 % grep dnsmasq /var/log/daemon.log.1 2014-08-02T15:46:05.000000-04:00 metal-0 dnsmasq[460]: possible DNS-rebind attack detected: direct.stroyka.ru ------ Sorry for a long reply... -- Leonid Isaev GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4 C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
pgpAhca1Wxzhm.pgp
Description: PGP signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel