Tim_92618
Aug 31, 2012Nimbostratus
syslog filtering
We are trying to modify our syslog configuration so that we get just warning and emergency level notifications, but none of the filters we have tried are working.
modify syslog {
auth-priv-from warning
auth-priv-to emerg
cron-from warning
cron-to emerg
daemon-from warning
daemon-to emerg
description none
include "
filter f_remote_loghost {
level(warn..emerg);
};
filter f_local6_httpd_ssl_acc {
facility(local6)
and match(\"\\[ssl_acc\\]\") and not match(\"\\] 172.30.x.x\"); };
filter f_local6_httpd_ssl_req {
facility(local6)
and match(\"\\[ssl_req\\]\") and not match(\"\\] 172.30.x.x\"); };
destination d_remote_loghost {
udp(\"172.30.y.y\" port(514));
};
log {
source(s_syslog_pipe);
filter(f_remote_loghost);
filter(f_local6_httpd_ssl_acc);
filter(f_local6_httpd_ssl_req);
destination(d_remote_loghost);
};
"
iso-date disabled
kern-from warning
kern-to emerg
mail-from warning
mail-to emerg
messages-from warning
messages-to warning
remote-servers replace-all-with {
remotesyslog1 {
description none
host 172.30.y.y
local-ip none
remote-port 514
}
}
user-log-from warning
user-log-to emerg