Gentoo Archives: gentoo-user

From: Dan Egli <dan@×××××××××××.site>
To: gentoo-user@l.g.o, Michael Orlitzky <mjo@g.o>
Subject: Re: [gentoo-user] syslog-ng misbehaving
Date: Wed, 07 Apr 2021 18:06:15
Message-Id: 5b8af1d8-cc21-5aeb-8812-acf7f4fd2a66@newideatest.site
In Reply to: Re: [gentoo-user] syslog-ng misbehaving by Michael Orlitzky
I had posted the whole file. But I can do it again easy enough.

--------------------------------
@version: 3.30

@include "scl.conf"

options {
    threaded(yes);
    chain_hostnames(no);
    stats_freq(43200);
    mark_freq(3600);
};

source src { system(); internal(); };

filter samba { program("samba"); };
filter ssh_messages { facility("AUTH") and level("INFO"); };
filter syslog { not filter("ssh_messages") and not filter("samba"); };

destination console { file("/dev/tty12"); };
destination messages { file("/var/log/messages"); };
destination sshd_log { file("/var/log/sshd/sshd.log"); };
destination smb_logs { file("/var/log/samba/samba.log"); };

log { source(src); filter(samba); destination(smb_logs); flags(final); );
log { source(src); filter(ssh_messages); destination(sshd_log);
flags(final); };
log { source(src); filter(syslog); destination(console); };
log { source(src); filter(syslog); destination(messages); };
----------------------------

There, that's the ENTIRE file, sans comments.

On 4/7/2021 5:47 AM, Michael Orlitzky wrote:
> On Wed, 2021-04-07 at 02:02 -0600, Dan Egli wrote:
>> It's worth a shot. I never completely got boolean logic, so you may be
>> right.
>>
> It depends on an implicit order of operations. Usually "not" has higher
> precedence than "and" and "or", but personally I wouldn't count on it
> unless the documentation says so (or you've tried it).
>
> It's like when you see a+b/c*d. Some people use PEMDAS, some people use
> BEDMAS. Neither of them work, and they give different answers. It's no
> wonder nobody understands this stuff.
>
> In any case, post your whole syslog-ng.conf file. Some later directive
> could be shoveling things into /var/log/messages.
>
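
The precedence question raised in this message can be checked against a small model of the four posted log paths. This is an added example, not part of the original post and not syslog-ng code; it assumes program() behaves as a substring match and that flags(final) keeps later log statements from seeing a matched message, and every function name and sample message is constructed for illustration.

```python
# Simplified model of the routing in the posted config (not syslog-ng itself).
# Assumptions: program() is a substring match; flags(final) stops later
# log statements from processing a message that matched.

def samba(m):
    return "samba" in m["program"]

def ssh_messages(m):
    return m["facility"] == "auth" and m["level"] == "info"

# Two possible readings of: not filter("ssh_messages") and not filter("samba")
def syslog_not_binds_tighter(m):      # (not A) and (not B)
    return (not ssh_messages(m)) and (not samba(m))

def syslog_not_binds_looser(m):       # not (A and (not B))
    return not (ssh_messages(m) and (not samba(m)))

def route(m, syslog_filter, honor_final=True):
    """Return the destinations a message reaches, in config order."""
    statements = [
        (samba, "smb_logs", True),
        (ssh_messages, "sshd_log", True),
        (syslog_filter, "console", False),
        (syslog_filter, "messages", False),
    ]
    reached = []
    for flt, dest, final in statements:
        if flt(m):
            reached.append(dest)
            if final and honor_final:
                break
    return reached

# Constructed sample messages
SAMPLES = {
    "sshd": {"program": "sshd", "facility": "auth", "level": "info"},
    "samba": {"program": "samba", "facility": "daemon", "level": "notice"},
    "both": {"program": "samba", "facility": "auth", "level": "info"},
    "cron": {"program": "cron", "facility": "cron", "level": "info"},
}

def compare(honor_final=True):
    """Names of samples that route differently under the two readings."""
    return [name for name, m in SAMPLES.items()
            if route(m, syslog_not_binds_tighter, honor_final)
            != route(m, syslog_not_binds_looser, honor_final)]

if __name__ == "__main__":
    print("differ with flags(final):", compare(True))
    print("differ without flags(final):", compare(False))
```

In this model the two readings of the `syslog` filter only route differently when the `flags(final)` statements are not honored, since matched samba and ssh messages never reach the later log paths.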