2009/2/4 Yannick Mortier <mvmortier@googlemail.com>
2009/2/4 Marcin Niskiewicz <mniskiewicz@gmail.com>:
Hello Marcin!
I imply that you already have done some modifications to your
syslog-ng.conf as logging everything the user type on the console is
not in the standard file that comes with gentoo.
Basically syslog-ng has got sources and destinations. So you have to
take a look at your syslog-ng.conf and find out the name of the
sources and the name of the destination of the history.log file.
Then you can simply add the following line (replace the variables accordingly)
log { source([source that was previously used for debug]);
source([source that was previously used for syslog]); source([source
that was previously used for messages]); destination([destination of
history.log]) };
If all the sources give you the same messages or they are one and the
same source just insert only this one. If your history.log file was
not defined by now you can simply add it as a destination with
destination [name] { file("[path-to-history.log]/history.log");}
Also if there are other log lines that contain the sources and the
destinations that you mentioned you have to remove them completely if
they only contain this one source or just remove the source that
delivers the history.
Then syslog-ng should only log into history.log
Greetings
--
Currently developing a browsergame...
http://www.p-game.de
Trade - Expand - Fight
Follow me at twitter!
http://twitter.com/moortier
As I can see I wrote my post unclearly
I meant that in standard configuration (without any changes) everything typed in console is written to those 3 files (debug ,
syslog, messages)
And I would like syslog not to log history in those 3 files.
So I made filter to route it to history.log
It works fine (it writes history to history.log) but still it writes it to those 3 files (debug ,
syslog, messages)* as well ...
so now everything I type is written to 4 files (debug ,
syslog, messages and history.log) and I'd like it to be written only to 1 file.
I hope it's clear now
regards
My STANDARD configuration (with my modifiication to route history to history.log) looks like this:
# Copyright 2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.5 2007/10/30 17:16:15 solar Exp $
#
# Syslog-ng configuration file, compatible with default hardened installations.
#
options {
******* chain_hostnames(off);
******* sync(0);
******* stats(43200);
};
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination mail { file("/var/log/mail/mail.log"); };
destination avc { file("/var/log/avc.log"); };
destination audit { file("/var/log/audit.log"); };
destination pax { file("/var/log/pax.log"); };
destination grsec { file("/var/log/grsec.log"); };
destination historia { file("/var/log/history.log"); };
destination mailinfo { file("/var/log/mail/mail.info"); };
destination mailwarn { file("/var/log/mail/mail.warn"); };
destination mailerr { file("/var/log/mail/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination xconsole { pipe("/dev/xconsole"); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
******* and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_avc { match(".*avc: .*"); };
filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
filter f_pax { match("^PAX:.*"); };
filter f_grsec { match("^grsec:.*"); };
filter f_history { match(".*HISTORY*"); };
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_history); destination(history); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
syslog-ng +bash history
