Syslog-ng and named logs
 

Hi Guys,

I have a Centos 4.4 installed on a machine . On this machine i was running my DNS server. I was getting the DNS logs in /var/log/messeges when i was running syslog service on it due to the following line in syslog.conf.


*.info;mail.none;authpriv.none;cron.none /var/log/messages

Now i have installed syslog-ng on this machine and following are the lines in syslog-ng.conf for info messages.

destination d_mesg { file("/var/log/messages"); };
filter f_filter2 { level(info..emerg) and
not (facility(mail)
or facility(authpriv)); };


log { source(s_sys); filter(f_filter2); destination(d_mesg); };


Now in /var/log/messages i am not getting the named logs in /var/log/messages with syslog-ng. Can u let me know what could be wrong.

I'm not sure what facility / prio bind uses by default - it might be daemon:info -, but either way it's nicer to set your own to know where you stand... http://users.hszk.bme.hu/~bp/bind/logging.html

You should be able to do something like this (as an alternative to changing the bind config):



destination d_mesg { file("/var/log/messages"); };
filter f_filter2 { program("named") or (level(info..emerg) and
not (facility(mail)or facility(authpriv))); };


log { source(s_sys); filter(f_filter2); destination(d_mesg); };


I haven't verified that it works, but seems like it should.