LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Gentoo
Reload this Page syslog-ng & auth.log don't want to be friends ;(
User Name
Password
Gentoo This forum is for the discussion of Gentoo Linux.

Notices


Reply
  Search this Thread
Old 08-07-2015, 09:21 AM   #1
eeluve
Member
 
Registered: Nov 2011
Location: Russia, SPb
Distribution: all of 'em
Posts: 49

Rep: Reputation: Disabled
syslog-ng & auth.log don't want to be friends ;(

I have 3.14.14-gentoo x64, syslog-ng 3.4.8, Snoopy 2.4.0. syslog had default config, I added:
Code:
destination authlog { file("/var/log/auth.log"); };
rebooted system since snoopy install, restarted syslog daemon past config modification, cr8ed auth.log with 777 temporarily even tho 600 should be enough owned by root:root(same as messages). snoopy works and keep writing to "messages", but under no means I seem to be able to make him log execv(e) to auth.log. Any advices would be appreciated.
 
Old 08-08-2015, 02:20 AM   #2
balabit
syslog-ng documentation maintainer at BalaBit
 
Registered: Jun 2009
Posts: 16

Rep: Reputation: 2
Did you also include this destination in a syslog-ng log path?
 
Old 08-08-2015, 02:40 PM   #3
eeluve
Member
 
Registered: Nov 2011
Location: Russia, SPb
Distribution: all of 'em
Posts: 49

Original Poster
Rep: Reputation: Disabled
Yea, thank you very much for a pointer. For those who might be searching for it in future, I'll just post working & self-explanatory block example to save them syslog-ng manual rummaging time:

source src { system(); internal(); };

log { source(src); destination(console_all); };

destination messages { file("/var/log/messages"); };
filter f_src { level(debug..emerg) and not program("snoopy"); };
log {
source(src);
filter(f_src);
destination(messages);
};

destination d_snoop { file("/var/log/auth.log"); };
filter f_snoop { program("snoopy"); };
log {
source(src);
filter(f_snoop);
destination(d_snoop);
};
Last edited by eeluve; 08-08-2015 at 02:44 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
the significance and name of the 5th column of /var/log/auth.log (ubuntu server)? CoffeeKing!!! Linux - Security 4 02-05-2009 07:32 AM
What the %$#@ is pam_unix (cron:session) doing every ten minutes? (/var/log/auth.log) CoffeeKing!!! Linux - Security 3 02-05-2009 07:07 AM
/var/log/auth.log doens't have correct date and hostname (Solution) alfmarius Linux - Newbie 0 10-07-2008 06:09 AM
I need help getting syslog to log remotely, this is just the regular syslog. abefroman Linux - Software 2 06-05-2008 11:36 AM
HELP!!!! /var/log/messages & syslog 350MB and growing!! nemat0de Mandriva 1 05-29-2004 06:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Gentoo

All times are GMT -5. The time now is 09:16 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration