| Main Archive Page > Month Archives > syslog-ng-users archives |
Re: [syslog-ng] Log to syslog file, filter from fifo
From: Balazs Scheidler <bazsi_at_nospam>Date: Fri Dec 09 2011 - 20:26:30 GMT
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
On Fri, 2011-11-25 at 09:02 -0700, Lay, James wrote:
> Topic says it. I think I have a pretty simple layout:
>
>
>
>
>
> log {
>
> source(s_local);
>
> filter(f_firewall);
>
> destination(d_file);
>
> destination(fifo);
>
> };
>
>
>
> Can I change this to:
>
>
>
> log {
>
> source(s_local);
>
> destination(d_file);
>
> filter(f_firewall);
>
> destination(fifo);
>
> };
>
>
>
> ? Will this log to file, then filter, then go to fifo? Thanks and
> hope this isn’t a silly question…I read this from the admin guide:
>
>
>
> Log statements are processed in the order they appear in the
> configuration file, thus the order of log paths may influence what
> happens to a message, especially when using filters and log flags.
>
>
>
> So I’m hoping that is the case. Thank you.
Yes, it is. Starting with syslog-ng 3.0, you can organize your log paths
in a tree, which might be more readable, but achieves the same:
log {
source(s_local);
log { destination(d_file); };
log { filter(f_firewall); destination(fifo); };
};
The log {} statements on the 2nd level are branches of the tree rooted
at the outmost log statement.
You can have any number of embedded statements, and flags(final) is
usable too.
-- Bazsi ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq