On 4/8/2021 9:59 AM, Dr Rainer Woitok wrote:
> Dan,
>
> On Wednesday, 2021-04-07 12:05:10 -0600, you wrote:
>
>> I had posted the whole file. But I can do it again easy enough.
>> ...
>> filter samba { program("samba"); };
>> filter ssh_messages { facility("AUTH") and level("INFO"); };
>> filter syslog { not filter("ssh_messages") and not filter("samba"); };
> Omit the double quotes in this last line. You're needing the NAMES of
> the filters here.
>

I'm afraid that didn't work either. I did as you said, and changed the
syslog filter line to read: filter syslog { not filter(sshd) and not
filter (samba); }; which would match the previous lines (see URL below).
I still see sshd messages in /var/log/messages when I ssh into the
machine. I'm totally lost. I've posted relevant files for everyone to
see. All are updated in real time because they are either symlinks to
the actual files, or are the target of a redirection directly:

https://www.newideatest.site/syslog-conf = /etc/syslog-ng/syslog-ng.conf
https://www.newideatest.site/syslog-out = output of syslog-ng -Fdav
https://www.newideatest.site/system_log = /var/log/messages

Any further ideas are most welcome.