| 1 |
On 4/8/2021 9:59 AM, Dr Rainer Woitok wrote: |
| 2 |
> Dan, |
| 3 |
> |
| 4 |
> On Wednesday, 2021-04-07 12:05:10 -0600, you wrote: |
| 5 |
> |
| 6 |
>> I had posted the whole file. But I can do it again easy enough. |
| 7 |
>> ... |
| 8 |
>> filter samba { program("samba"); }; |
| 9 |
>> filter ssh_messages { facility("AUTH") and level("INFO"); }; |
| 10 |
>> filter syslog { not filter("ssh_messages") and not filter("samba"); }; |
| 11 |
> Omit the double quotes in this last line. You're needing the NAMES of |
| 12 |
> the filters here. |
| 13 |
> |
| 14 |
|
| 15 |
I'm afraid that didn't work either. I did as you said, and changed the |
| 16 |
syslog filter line to read: filter syslog { not filter(sshd) and not |
| 17 |
filter (samba); }; which would match the previous lines (see URL below). |
| 18 |
I still see sshd messages in /var/log/messages when I ssh into the |
| 19 |
machine. I'm totally lost. I've posted relevant files for everyone to |
| 20 |
see. All are updated in real time becuase they are either symlinks to |
| 21 |
the actual files, or are the target of a redirection directly: |
| 22 |
|
| 23 |
https://www.newideatest.site/syslog-conf = /etc/syslog-ng/syslog-ng.conf |
| 24 |
https://www.newideatest.site/syslog-out = output of syslog-ng -Fdav |
| 25 |
https://www.newideatest.site/system_log = /var/log/messages |
| 26 |
|
| 27 |
|
| 28 |
Any further ideas are most welcome. |
Archives