
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Chapter 12: System Log Management and Monitoring
Example 12-18 shows several filter{} statements taken from the default syslog-ng.conf file included in Debian 2.2’s Syslog-ng package.
The first line in Example 12-18, filter f_mail, matches all messages logged to the mail facility. The second filter, f_debug, matches all messages not logged to the auth, authpriv, news, and mail facilities.
The third filter, f_messages, matches messages of priority levels info through warn, except those logged to the auth, authpriv, cron, daemon, mail, and news facilities.
The last filter, called f_cother, matches all messages of priority levels debug, info, notice, and warn, and also all messages logged to the daemon and mail facilities.
When you create your own filters, be sure to test them using the logger command. See the section entitled “Testing System Logging with logger” later in this chapter.
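
The following script is an added example, not code from the book or from Debian's package: it encodes the four filters exactly as the prose above describes them, predicts which ones a given facility/level pair should match, and sends a probe with logger that carries that prediction in its text. The tag filtertest, the function names, and the list of probe pairs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Filter semantics follow the prose description of
# f_mail, f_debug, f_messages, and f_cother, not the config file itself.

# in_list ITEM LIST... : succeed if ITEM equals one of the remaining arguments
in_list() {
    item=$1; shift
    for candidate in "$@"; do
        [ "$item" = "$candidate" ] && return 0
    done
    return 1
}

# expected_filters FACILITY LEVEL : print the filters that should match
expected_filters() {
    fac=$1; lvl=$2; out=""
    [ "$lvl" = "warning" ] && lvl=warn   # logger says "warning", the text says "warn"

    # f_mail: everything logged to the mail facility
    [ "$fac" = "mail" ] && out="$out f_mail"

    # f_debug: everything NOT logged to auth, authpriv, news, or mail
    in_list "$fac" auth authpriv news mail || out="$out f_debug"

    # f_messages: info through warn, except six excluded facilities
    if in_list "$lvl" info notice warn &&
       ! in_list "$fac" auth authpriv cron daemon mail news; then
        out="$out f_messages"
    fi

    # f_cother: debug/info/notice/warn, and also anything from daemon or mail
    if in_list "$lvl" debug info notice warn || in_list "$fac" daemon mail; then
        out="$out f_cother"
    fi

    echo "${out# }"
}

# send_probe FACILITY LEVEL : log one message naming the filters expected to match
send_probe() {
    logger -p "$1.$2" -t filtertest "probe $1.$2 expect: $(expected_filters "$1" "$2")"
}

# Real messages are sent only on request: sh probe.sh --send
if [ "${1:-}" = "--send" ]; then
    for pair in mail.info daemon.err kern.warning auth.notice auth.err cron.debug; do
        send_probe "${pair%.*}" "${pair#*.}"
    done
fi
```

After running it with --send, search each destination file for filtertest and compare where a probe landed with the filters named in its text; a probe such as auth.err, which matches none of the four, should appear only where some other filter or an unfiltered log{} statement routes it.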
Log statements
Now we combine the elements we’ve just defined (sources, filters, and destinations) into log{} statements. Arguably, these are the simplest statements in syslog-ng.conf: each consists only of a semicolon-delimited list of source( ), destination( ), and, optionally, filter( ) references. (Filters are optional because a log{} statement containing only source( ) and destination( ) references will ...