[colug-432] syslog-ng: redirecting away from /var/log/messages
Brian
bnmille at gmail.com
Fri Sep 9 18:43:36 EDT 2016
Well, this might not get you everything you want, but I would think about
having a short syslog-ng.conf file, which would have an "include" line to
look into /etc/syslog-ng.d/ for individual log file configurations. So you
would completely remove any reference to /var/log/messages. There wouldn't
be any need for a "not" directive.
On Sep 9, 2016 12:06 PM, "Rick Hornsby" <richardjhornsby at gmail.com> wrote:
> Having some trouble figuring out how to configure syslog-ng. We want
> to use .d files, but we also want to make sure the logs we say in
> those .d files "go to /var/log/some-app.log", aren't also going to
> /var/log/messages.
>
> One approach is to use .d files to write the source, destination, and
> log{} blocks for 'some-app' into conf.d/some-app.conf, and put "not"
> filters in the main syslog-ng.conf for the same. That approach isn't
> scalable, and is difficult to work with in Puppet, because it means
> trying to figure out how to write a conf.d file (easy, clean) and
> re-write syslog-ng.conf (hard, messy) for every application that needs
> it.
>
> I was looking at tags, which might work. Each .d file could use a
> rewrite rule to tag its own logs with 'dont-write-me-to-messages'. In
> syslog-ng.conf, we would just have to use a single filter for "not
> tag('dont-write-me-to-messages')". The idea is to keep syslog-ng.conf
> as consistent across the fleet and as clean as possible, and delegate
> to .d files.
>
> syslog-ng's docs are not helping. I can't seem to figure out a way to
> add a tag conditionally.
>
> "Tags can be also added and deleted using rewrite rules. For details,
> see section 11.2.7[1]"
>
> Section 11.2.6 talks about conditional rewrites, but the next page
> 11.2.7 regarding tagging is basically useless. It's as if the whole
> idea of a rewrite, with rules and conditions, doesn't exist for tags?
> If you try to do, for example
>
> set-tag('ignore', condition(program('puppet-agent')));
>
> The syntax parser complains that condition is an unexpected keyword.
>
> Am I doing something wrong with the tags? Is there another approach I'm
> missing?
>
> thanks!
>
>
>
> [1] https://www.balabit.com/documents/syslog-ng-ose-3.8-guides/en/syslog-ng-ose-guide-admin/html/rewrite-tags.html.
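An added example, not from either poster: one way to lay out the reply's suggestion for syslog-ng 3.8. It goes one step further by adding a `flags(fallback)` catch-all, so that only messages no application file claimed reach /var/log/messages and nothing is silently dropped. The main file's path, the names `s_local`, `f_some_app`, `d_some_app` and `d_messages`, and the file name `zz-default.conf` are assumptions for illustration.

```conf
# ---- /etc/syslog-ng/syslog-ng.conf (assumed path; identical on every host) ----
@version: 3.8

# Local messages. "s_local" is a name chosen for this example.
source s_local {
    system();
    internal();
};

# One file per application. The main file never changes when an app is added.
@include "/etc/syslog-ng.d/*.conf"

# ---- /etc/syslog-ng.d/some-app.conf (one per application, e.g. from Puppet) ----
filter f_some_app { program("some-app"); };
destination d_some_app { file("/var/log/some-app.log"); };

log {
    source(s_local);
    filter(f_some_app);
    destination(d_some_app);
};

# ---- /etc/syslog-ng.d/zz-default.conf (hypothetical catch-all file) ----
destination d_messages { file("/var/log/messages"); };

# A fallback log path only receives messages that no non-fallback
# log path matched, so no per-application "not" filter is needed.
log {
    source(s_local);
    destination(d_messages);
    flags(fallback);
};
```

Running `syslog-ng --syntax-only` after dropping in a new file checks the combined configuration before a reload.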