[syslog-ng]Entries being logged to /var/log/messages as
wellas/var/log/HOSTS//$MONTH/$DAY/$HOS
Fred Turner
syslog-ng@lists.balabit.hu
Sat, 29 Jan 2005 13:49:08 -0500
Here is my source.. How would I go about doing that? Sorry I'm still pretty =
new with syslog0ng (3 hrs)...=0A=0A=0A=0A=0Asource src {=0A unix-stre=
am("/dev/log");=0A internal();=0A udp();=0A tcp(port(51=
40) keep-alive(yes));=0A=0A=0A=0A=0A=0A=0A=0A>>> Bill Nash <billn@billn.net>=
1/29/2005 1:46:15 PM >>>=0A=0ASyslog will log to multiple destinations if y=
ou set them. As below, you =
=0Ahave multiple facilities still logging to messages.=0A=0ADoes your 'src' =
source include your network ports, for receiving data from =
=0Aremote hosts? If it does, separate it to a new source and pair it with =
=0Ayour 'std' destination, exclusively. This will keep your local logs =
=0Aseparate from your remote logs.=0A=0A- billn=0A=0AOn Sat, 29 Jan 2005, Fr=
ed Turner wrote:=0A=0A> Sure, it's as follows.=0A>=0A> destination debug { f=
ile("/var/log/debug"); };=0A> destination messages { file("/var/log/messages=
"); };=0A>=0A>=0A> log { source(src); filter(f_daemon); destination(messages=
); };=0A> log { source(src); filter(f_kern); destination(messages); };=0A> l=
og { source(src); filter(f_lpr); destination(lpr); };=0A> log { source(src);=
filter(f_mail); destination(mail); };=0A> log { source(src); filter(f_user)=
; destination(messages); };=0A> log { source(src); filter(f_uucp); destinati=
on(uucp); };=0A> log { source(src); filter(f_mail); destination(maillog); };=
=0A> log { source(src); filter(f_mail); filter(f_info); destination(mailinfo=
); };=0A> log { source(src); filter(f_mail); filter(f_warn); destination(mai=
lwarn); };=0A> log { source(src); filter(f_mail); filter(f_err); destination=
(mailerr); };=0A> log { source(src); filter(f_news); filter(f_crit); destina=
tion(newscrit); };=0A> log { source(src); filter(f_news); filter(f_err); des=
tination(newserr); };=0A> log { source(src); filter(f_news); filter(f_notice=
); destination(newsnotice); };=0A> log { source(src); filter(f_messages); de=
stination(messages); };=0A> log { source(src); filter(f_emergency); destinat=
ion(console); };=0A>=0A>=0A>=0A>=0A>>>> Bill Nash <billn@billn.net> 1/29/200=
5 1:15:26 PM >>>=0A>=0A> Can you include your log directive? Chances are, th=
at's the culprit.=0A>=0A> - billn=0A>=0A>=0A> On Sat, 29 Jan 2005, Fred Turn=
er wrote:=0A>=0A>> Hi, I'm new to syslog-ng and have configured it to be a l=
oghost for many different firewall appliances. So I setup an automatic sorti=
ng entry as per the faq as follows:=0A>>=0A>> destination std {=0A>> =
file("/var/log/HOSTS/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY"=0A>> =
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)=0A>> =
);=0A>>=0A>>=0A>> Which works prefect The only problem is that it's als=
o putting them in the /var/log/messages log.=0A>>=0A>> How Can I stop the be=
havior as it's creating a huge /var/log/messages log.=0A>>=0A>>=0A>> Thanks=
=0A>>=0A>>=0A>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A>>=0A>>=
NOTE: This email and any files transmitted with it are confidential and int=
ended solely for the use of the individual or entity to whom they are addres=
sed. If you have received this email in error please notify the sender. Plea=
se note that any views or opinions presented in this email are solely those =
of the author and do not necessarily represent those of BBi Enterprises Inc.=
=0A>> Finally, the recipient should check this email and any attachments for=
the presence of viruses. BBi Enterprises Inc. accepts no liability for any =
damage caused by any virus transmitted by this email.=0A>>=0A>>=0A>> _______=
________________________________________=0A>> syslog-ng maillist - syslog-=
ng@lists.balabit.hu =
=0A>> https://lists.balabit.hu/mailman/listinfo/syslog-ng =
=0A>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html=
=
=0A>>=0A>>=0A> _______________________________________________=0A> syslog-ng=
maillist - syslog-ng@lists.balabit.hu =
=0A> https://lists.balabit.hu/mailman/listinfo/syslog-ng =
=0A> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html =
=0A>=0A>=0A>=0A> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A>=0A> N=
OTE: This email and any files transmitted with it are confidential and inten=
ded solely for the use of the individual or entity to whom they are addresse=
d. If you have received this email in error please notify the sender. Please=
note that any views or opinions presented in this email are solely those of=
the author and do not necessarily represent those of BBi Enterprises Inc.=
=0A> Finally, the recipient should check this email and any attachments for =
the presence of viruses. BBi Enterprises Inc. accepts no liability for any d=
amage caused by any virus transmitted by this email.=0A>=0A>=0A> ___________=
____________________________________=0A> syslog-ng maillist - syslog-ng@li=
sts.balabit.hu =
=0A> https://lists.balabit.hu/mailman/listinfo/syslog-ng =
=0A> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html =
=0A>=0A>=0A_______________________________________________=0Asyslog-ng maill=
ist - syslog-ng@lists.balabit.hu =
=0Ahttps://lists.balabit.hu/mailman/listinfo/syslog-ng =
=0AFrequently asked questions at http://www.campin.net/syslog-ng/faq.html =
=0A=0A=0A=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=0ANOTE: This em=
ail and any files transmitted with it are confidential and intended solely f=
or the use of the individual or entity to whom they are addressed. If you ha=
ve received this email in error please notify the sender. Please note that a=
ny views or opinions presented in this email are solely those of the author =
and do not necessarily represent those of BBi Enterprises Inc. =
=0AFinally, the recipient should check this email and any attachments for th=
e presence of viruses. BBi Enterprises Inc. accepts no liability for any dam=
age caused by any virus transmitted by this email.=0A