02-04-2009, 02:42 PM
Yannick Mortier

syslog-ng +bash history

2009/2/4 Marcin Niskiewicz <mniskiewicz@gmail.com>:
> Hello
> Everything that is written by users on console is logged in 3 different
> files (debug , syslog, messages) ...
> I'd like to route all history logs to one file only... I know how to make a
> filter which would write it to specific file but still everything is written
> to other files as well.
>
> Is there a possibility to configure syslog-ng to log history only to one file
> (for example history.log) and leave other files clean?
>
> best regards
> nichu
>


Hello Marcin!
I imply that you have already done some modifications to your
syslog-ng.conf, as logging everything the user types on the console is
not in the standard file that comes with Gentoo.

Basically syslog-ng has got sources and destinations. So you have to
take a look at your syslog-ng.conf and find out the name of the
sources and the name of the destination of the history.log file.

Then you can simply add the following line (replace the variables accordingly)

log { source([source that was previously used for debug]);
      source([source that was previously used for syslog]);
      source([source that was previously used for messages]);
      destination([destination of history.log]); };

If all the sources give you the same messages or they are one and the
same source just insert only this one. If your history.log file was
not defined by now you can simply add it as a destination with

destination [name] { file("[path-to-history.log]/history.log"); };

Also if there are other log lines that contain the sources and the
destinations that you mentioned you have to remove them completely if
they only contain this one source or just remove the source that
delivers the history.

Then syslog-ng should only log into history.log

Greetings


--
Currently developing a browsergame...
http://www.p-game.de
Trade - Expand - Fight

Follow me at twitter!
http://twitter.com/moortier
 
02-05-2009, 07:31 AM
Marcin Niskiewicz

syslog-ng +bash history

As I can see I wrote my post unclearly.
I meant that in standard configuration (without any changes) everything typed in console is written to those 3 files (debug, syslog, messages).
And I would like syslog not to log history in those 3 files.
So I made filter to route it to history.log.
It works fine (it writes history to history.log) but still it writes it to those 3 files (debug, syslog, messages) as well ...
so now everything I type is written to 4 files (debug, syslog, messages and history.log) and I'd like it to be written only to 1 file.

I hope it's clear now
regards


My STANDARD configuration (with my modification to route history to history.log) looks like this:



# Copyright 2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.5 2007/10/30 17:16:15 solar Exp $


#
# Syslog-ng configuration file, compatible with default hardened installations.
#

options {
        chain_hostnames(off);
        sync(0);
        stats(43200);
};

source src { unix-stream("/dev/log"); internal(); };

source kernsrc { file("/proc/kmsg"); };

destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };

destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };

destination uucp { file("/var/log/uucp.log"); };
destination mail { file("/var/log/mail/mail.log"); };

destination avc { file("/var/log/avc.log"); };
destination audit { file("/var/log/audit.log"); };

destination pax { file("/var/log/pax.log"); };
destination grsec { file("/var/log/grsec.log"); };
destination history { file("/var/log/history.log"); };

destination mailinfo { file("/var/log/mail/mail.info"); };

destination mailwarn { file("/var/log/mail/mail.warn"); };
destination mailerr { file("/var/log/mail/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };

destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };

destination console_all { file("/dev/tty12"); };

destination xconsole { pipe("/dev/xconsole"); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };

filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };

filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news); };

filter f_emergency { level(emerg); };

filter f_info { level(info); };

filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };


filter f_avc { match(".*avc: .*"); };
filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
filter f_pax { match("^PAX:.*"); };
filter f_grsec { match("^grsec:.*"); };

filter f_history { match(".*HISTORY*"); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };

log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };

log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_history); destination(history); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
 
02-05-2009, 01:26 PM
Willie Wong

syslog-ng +bash history

On Thu, Feb 05, 2009 at 09:31:07AM +0100, Penguin Lover Marcin Niskiewicz squawked:
> It works fine (it writes history to history.log) but still it writes it to
> those 3 files (debug , syslog, messages) as well ...
> so now everything I type is written to 4 files (debug , syslog, messages and
> history.log) and I'd like it to be written only to 1 file.
>

If you have a filter rule that matches for history, why don't you just
append "and not [insert rule here]" to the filter rule for syslog,
messages, and debug?

W
--
"This is just for cultural purposes, so don't panic."
~DeathMech, S. Sondhi. P-town PHY 205
Sortir en Pantoufles: up 790 days, 13:07
 
02-12-2009, 12:40 PM
Marcin Niskiewicz

syslog-ng +bash history

Hello
thanks for helping me
as it seems the solution was easy - I had to put the "flags(final);" parameter and change the order in the config file a little and put:
log { source(src); filter(f_history); destination(history); flags(final); };

in the highest line in log section
and it works!

(the solution from syslog-ng group)

thanks again

regards
nichu
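
The routing behaviour discussed in this thread, as an added Python model (not part of the original posts and not syslog-ng code): log statements are evaluated in config order, and a match on a statement carrying flags(final) stops evaluation of the statements after it, which is why the history statement also had to move to the top. The helper names `route` and `with_final` are hypothetical, the sample messages are constructed, and facility local6 for the history line is an assumption; only a subset of the posted filters and log statements is modelled.

```python
import re

# Filters copied from the posted config (subset relevant to the thread).
FILTERS = {
    "f_authpriv": lambda m: m["facility"] in ("auth", "authpriv"),
    "f_syslog":   lambda m: m["facility"] not in ("authpriv", "mail"),
    "f_user":     lambda m: m["facility"] == "user",
    "f_history":  lambda m: re.search(r".*HISTORY*", m["text"]) is not None,
    "f_debug":    lambda m: m["facility"] not in ("auth", "authpriv", "news", "mail"),
    "f_messages": lambda m: m["level"] in ("info", "notice", "warn")
                  and m["facility"] not in ("auth", "authpriv", "mail", "news"),
}

# (filter, destination, final) in the order the log statements were posted.
ORIGINAL = [
    ("f_authpriv", "authlog", False),
    ("f_syslog", "syslog", False),
    ("f_user", "user", False),
    ("f_history", "history", False),
    ("f_debug", "debug", False),
    ("f_messages", "messages", False),
]

def route(msg, log_paths):
    """Return the destinations that receive msg, in evaluation order."""
    hits = []
    for filt, dest, final in log_paths:
        if FILTERS[filt](msg):
            hits.append(dest)
            if final:  # flags(final): later log statements are skipped
                break
    return hits

def with_final(log_paths, dest, move_to_top):
    """Mark the statement for dest as final, optionally moving it first."""
    paths = [(f, d, final or d == dest) for f, d, final in log_paths]
    if move_to_top:
        paths.sort(key=lambda p: p[1] != dest)  # stable sort keeps the rest in order
    return paths

# Constructed sample messages; facility local6 is an assumption.
HISTORY_MSG = {"facility": "local6", "level": "info",
               "text": "bash: HISTORY: PID=4242 UID=1000 ls -la"}
OTHER_MSG = {"facility": "user", "level": "notice", "text": "backup finished"}

if __name__ == "__main__":
    print("original      ", route(HISTORY_MSG, ORIGINAL))
    for top in (False, True):
        print("final, top=%-5s" % top, route(HISTORY_MSG, with_final(ORIGINAL, "history", top)))
```

With flags(final) added but the statement left in its posted position, the history line still reaches syslog, because that statement is evaluated first.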
 
All times are GMT.