Hi list, i''ve installed syslog-ng in replacement of the old syslog but can''t get the log logged to /var/log/shorewall/warn.log, etc... here are my settings in the syslog-ng.conf : destination d_shorewall_warn { file ("/var/log/shorewall/warn.log" owner(root) group(root) ); }; destination d_shorewall_info { file ("/var/log/shorewall/info.log" owner(root) group(root) ); }; filter f_shorewall_warn { level (warn) and match ("Shorewall"); }; filter f_shorewall_info { level (info) and match ("Shorewall"); }; log { source (s_all); filter (f_shorewall_warn); destination (d_shorewall_warn); }; log { source (s_all); filter (f_shorewall_info); destination (d_shorewall_info); }; The /var/log/shorewall/warn and info.log have the root:root 644 permissions. At now everything is logged in /var/log/messages. What did i wrong ? best regards mess-mate -- ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On 3/23/07, mess-mate <mess-mate@wanadoo.fr> wrote:> Hi list, > i''ve installed syslog-ng in replacement of the old syslog but can''t > get the log logged to /var/log/shorewall/warn.log, etc... > > here are my settings in the syslog-ng.conf : > destination d_shorewall_warn > { > file ("/var/log/shorewall/warn.log" > owner(root) > group(root) > ); > }; > > destination d_shorewall_info > { > file ("/var/log/shorewall/info.log" > owner(root) > group(root) > ); > }; > > filter f_shorewall_warn > { > level (warn) and match ("Shorewall"); > }; > > filter f_shorewall_info > { > level (info) and match ("Shorewall"); > }; > > log > { > source (s_all); > filter (f_shorewall_warn); > destination (d_shorewall_warn); > }; > > log > { > source (s_all); > filter (f_shorewall_info); > destination (d_shorewall_info); > }; > > The /var/log/shorewall/warn and info.log have the root:root 644 > permissions. > > At now everything is logged in /var/log/messages. > What did i wrong ?Not sure, seems to be the same as my config, except that I don''t filter for warn/info. My only difference is that I have a "flags(final);" in my log statement, because I don''t want the messages to appear in my shorewall log and in messages. ~David ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
mess-mate wrote:> > At now everything is logged in /var/log/messages.Are you complaining that Shorewall messages are logged in one of your Shorewall logs *and* in /var/log/messages or are you complaining that they are logged in /var/log/messages but *not* in the Shorewall logs? In either event, I''ve attached a syslog-ng.conf that works -- you can use it as an example. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep <teastep@shorewall.net> wrote: | mess-mate wrote: | | > | > At now everything is logged in /var/log/messages. | | Are you complaining that Shorewall messages are logged in one of your | Shorewall logs *and* in /var/log/messages or are you complaining that they | are logged in /var/log/messages but *not* in the Shorewall logs? | | In either event, I''ve attached a syslog-ng.conf that works -- you can use it | as an example. | | -Tom | -- Thanks, your syslog-ng.conf putted me on the right way. It works now and a ''not match'' did the trick to not logging to /var/log/messages. best regards mess-mate -- ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV