[syslog-ng] Maillog to be split
Dave Johnson
syslog-ng@lists.balabit.hu
Mon, 10 Jan 2005 12:20:20 -0600
Jules--
This is going to be MTA specific, i.e., depending on what you're running
and what your requirements are, it's possible to have one MTA process accept
and queue the mail, and another one that sends/delivers the mail. If
this is the case, it may be possible for the MTA to have different
syslog facilities/priorities for each of these processes. Again, this
is going to be MTA specific.

The other option is to regex out the lines you want to be separated.
So for example (off the top of my head, you can try something like
this, which I haven't tested) on sendmail, only logging inbound
accepted messages and outbound attempts
(some errors will not be picked up on these regexes):
# Mail-facility lines for messages accepted by the MTA daemon (inbound)
filter f_mailin { facility(mail); match("daemon=MTA"); };
# Mail-facility lines for delivery attempts via the esmtp mailer (outbound)
filter f_mailout { facility(mail); match("mailer=esmtp"); };
destination maillogin { file("/var/log/maillog.in" perm(0644)); };
destination maillogout { file("/var/log/maillog.out" perm(0644)); };
# One log path per direction
log { source(local); filter(f_mailin); destination(maillogin); };
log { source(local); filter(f_mailout); destination(maillogout); };
On Mon, 10 Jan 2005 17:11:07 +0000, JulesF <julesf@the4.co.uk> wrote:
> How would I go about splitting the maillog to show both inbound and
> outbound services in different files; what amendments need to be made to
> syslog-ng.conf?
>
> The current maillog entry:
>
> destination d_mail { file("/var/log/maillog"); };
>
> Thanks. J
>
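
A way to check the two match() patterns against sample sendmail lines before changing syslog-ng.conf, as an added example that is not part of the original post. The log lines are constructed, every line is assumed to arrive with the mail facility, and `route` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Patterns copied from the match() expressions in the reply's two filters.
FILTERS = {
    "/var/log/maillog.in": re.compile(r"daemon=MTA"),
    "/var/log/maillog.out": re.compile(r"mailer=esmtp"),
}

# Constructed sample lines in sendmail's usual log layout (not real traffic).
SAMPLE = [
    "Jan 10 12:00:01 mx1 sendmail[1234]: j0AI01aa001234: from=<alice@example.org>, "
    "size=1024, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.10]",
    "Jan 10 12:00:03 mx1 sendmail[1236]: j0AI01aa001234: to=<bob@example.net>, "
    "delay=00:00:02, mailer=esmtp, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)",
    "Jan 10 12:00:04 mx1 sendmail[1237]: j0AI01bb001235: to=<carol@example.com>, "
    "delay=00:00:30, mailer=esmtp, relay=mx.example.com., dsn=4.0.0, stat=Deferred: Connection timed out",
    "Jan 10 12:00:05 mx1 sendmail[1238]: j0AI01cc001236: to=<dave>, "
    "delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent",
    "Jan 10 12:00:06 mx1 sendmail[1240]: j0AI01dd001237: ruleset=check_rcpt, "
    "arg1=<x@example.net>, relay=[203.0.113.9], reject=550 5.7.1 <x@example.net>... Relaying denied",
]


def route(lines):
    """Return {destination: [lines]}; lines no filter matches go under 'unmatched'.

    A line matching both patterns is listed under both destinations, as it
    would be with two independent log statements.
    """
    routed = defaultdict(list)
    for line in lines:
        hits = [dest for dest, rx in FILTERS.items() if rx.search(line)]
        for dest in hits or ["unmatched"]:
            routed[dest].append(line)
    return dict(routed)


if __name__ == "__main__":
    for dest, lines in route(SAMPLE).items():
        print(f"{dest}: {len(lines)} line(s)")
        for line in lines:
            print("   ", line)
```

The local-delivery and rejected-relay lines land under `unmatched`, which is the gap the reply mentions; they would need their own filter or a catch-all destination to be kept.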