|
|
RE: regex and priority(local7) question: msg#00013syslog-ng
I do have one quick question on the filter f_local7 { facility(local7) and level(debug..emerg); }; does this mean it is grabbing all level between debug - emerg, or just those 2 ? thanks again. ~!>D This config snippet works for me .... my PIXies are set to log via TCP1468 rather than UDP/514. Real IP Addresses replaced with fakes. As with your situation, I have other network gear running on local7 as well. Syslog-ng's wonderful filtration allows for a nice separation of all the classes of switch/router/firewall/VPN-bricks. Ted ...... source local { unix_stream("/dev/log" max-connections(200) keep-alive(yes) ); # UDP listeners for Internal syslog-ng interconnections udp(ip(127.0.0.1) port(514)); udp(ip(1.2.3.4) port(514)); }; source pixtcp { tcp(ip(1.2.3.4) port(1468) max-connections(10) keep-alive(yes)); }; filter f_local7 { facility(local7) and level(debug..emerg); }; filter f_pixmsg { match("%PIX"); }; filter f_misclocal7 { filter(f_local7) and not filter(f_pixmsg); }; destination d_local7 { file("/var/log/local7.debug" sync(0) ); }; destination d_pixlog { file("/var/log/pixlog.debug" sync(0) ); }; log { source(pixtcp); filter(f_local7); filter(f_pixmsg); destination(d_pixlog); }; log { source(local); filter(f_misclocal7); destination(d_local7); }; ...... -----Original Message----- ************************************************************************************************ This E-mail message, including any attachments, is intended only for the person or entity to which it is addressed, and may contain confidential information. If you are not the intended recipient, any review, retransmission, disclosure, copying, modification or other use of this E-mail message or attachments is strictly forbidden. If you have received this E-mail message in error, please contact the author and delete the message and any attachments from your computer. You are also advised that the views and opinions expressed in this E-mail message and any attachments are the author's own, and may not reflect the views and opinions of FLEXTECH Television Limited. ************************************************************************************************ _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | cycling filenames every n-secs?: 00013, email lists |
|---|---|
| Next by Date: | RE: regex and priority(local7) question: 00013, Rule, Ted |
| Previous by Thread: | cycling filenames every n-secs?i: 00013, email lists |
| Next by Thread: | RE: regex and priority(local7) question: 00013, Rule, Ted |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |