
syslog-ng su: ( to nagios )



tbrinkmann
13-Nov-2012, 08:49
Hi,
I am trying to use syslog-ng to cut out some annoying messages from our message file. The check_mk nagios client is polling every 5 minutes, so the user root does an su to nagios and this is reported in /var/log/messages. I created a filter to move the messages to /var/log/su/nagios

# SU NAGIOS Filters
filter f_su { match('to nagios'); };

# SU Logging
destination sude { file("/var/log/su/nagios"); };

log { source(src); filter(f_su); destination(sude); flags(final); };

My problem now is that the messages are reported in both files.
Can anyone tell me what I have to change so that these messages will only be stored in the /var/log/su/nagios file?

Additional question: Why is SLES using syslog-ng in version 1.x? Does it make sense to upgrade to syslog-ng V3?

*T

tbrinkmann
13-Nov-2012, 11:02
The final filter must be used before the message filter ....

smflood
13-Nov-2012, 18:25
On 13/11/2012 07:54, tbrinkmann wrote:

> I am trying to use syslog-ng to cut out some annoying messages from our
> message file. The check_mk nagios client is polling every 5 minutes, so
> the user root does an su to nagios and this is reported in
> /var/log/messages. I created a filter to move the messages to
> /var/log/su/nagios
>
> # SU NAGIOS Filters
> filter f_su { match('to nagios'); };
>
> # SU Logging
> destination sude { file("/var/log/su/nagios"); };
>
> log { source(src); filter(f_su); destination(sude); flags(final); };
>
> My problem now is that the messages are reported in both files.
> Can anyone tell me what I have to change so that these messages will
> only be stored in the /var/log/su/nagios file?

You need to edit the f_messages filter to add 'and not filter(f_su)'
before the first semi-colon at the end of the filter line (so before ';
};').

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner
