From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 68EA51382C5 for ; Wed, 16 Dec 2020 19:30:17 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 28FBEE0946; Wed, 16 Dec 2020 19:30:12 +0000 (UTC) Received: from newideatest.site (jupiter.newideatest.site [209.141.58.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D418AE08F9 for ; Wed, 16 Dec 2020 19:30:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=newideatest.site; s=main; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=CV95Wzx64/UbKLiXqggSEB80fnTprV4atvdhrM0VPv0=; b=loUPdvUXjBmCYHagcbKuDVEPSX P6cJ/DFgpo5uXLu9I7vwbHfgBu5aApIdMcWw0pJcWfgAuYBRbyi0MO3jjScxxiOABYAK/WRYCfIUD 9CDjTRMjP7E+6ql25AJfRG4oM4+BSpJ59jWq3jq3v+nVjShyWxfhi3RcL3OT2V8Wh7O5ZSZe8DaQW E+Ayf1PU9FDTVH57lQi2P1oqikhk7AhgHfR/vbqSBd4IeITQcmfi4mjlH3qqvZiKz6Yydc0PgBzh/ LPR1uwiaGmDXB6r1vkUPbWOmqkolak/xAc+qnlRCWYVKw5YosS5WiGrdDRt14RKF2c0/EwoJhedOr zHbFKZyQ==; Received: from mobile-166-171-123-30.mycingular.net ([166.171.123.30] helo=[172.20.10.2]) by newideatest.site with esmtpsa (TLS1.3:ECDHE_SECP384R1__RSA_PSS_RSAE_SHA384__CHACHA20_POLY1305:256) (Exim 4.93) (envelope-from ) id 1kpcUk-00CB6t-Mn for gentoo-user@lists.gentoo.org; Wed, 16 Dec 2020 19:29:54 +0000 Subject: Re: [gentoo-user] syslog-ng: filter plugin NOT not found ???? To: gentoo-user@lists.gentoo.org References: <20201216173018.taxstoacvnbcynet@grusum.endjinn.de> From: Dan Egli Message-ID: <4cea33ae-39ef-f846-c98e-707a3da0b54e@newideatest.site> Date: Wed, 16 Dec 2020 12:30:08 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <20201216173018.taxstoacvnbcynet@grusum.endjinn.de> Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Scanned-By: unscanned primary on newideatest.site (209.141.58.25); Wed, 16 Dec 2020 19:29:54 +0000 X-Archives-Salt: 917ce22a-c3e3-4e56-b3d8-4e7ae026b6d1 X-Archives-Hash: ad2dac1bc54fbf385d531e3e8160801f 23 is the hard coded constant for local7. They are identical. facility(23) and facility(local7) mean the exact same thing. On 12/16/2020 10:30 AM, David Haller wrote: > Hello, > > On Wed, 16 Dec 2020, Todd Goodman wrote: >> I think you need a semi-colon inside and after the right curly brace ('}') >> >> You right braces are parentheses and not right curly braces too (maybe a cut >> and paste issue?) >> >> FWIW, the following is what I use to separate my mail logs out and it works: >> >> destination messages { file("/var/log/messages"); }; >> destination maillog { file("/var/log/maillog"); }; >> >> filter f_mail { facility(mail); }; >> filter f_messages { not facility(mail); }; >> >> log { source(src); filter(f_mail); destination(maillog); }; >> log { source(src); filter(f_messages); destination(messages); }; >> >> On 12/15/2020 10:44 PM, Dan Egli wrote: >>> Help me understand this, please?  I have ISC dhcpd configured to log to >>> syslog.local7 (since I don't see an option to force it into it's own log >>> file). So I went into my syslog-ng file and created two filters, just >>> like on the example page of syslog-ng.com: >>> >>> filter dhcpmsgs { facility(23) ); >>> filter non_dhcp { NOT filter(dhcpmsgs) ) > Also, where's that '23' coming from? Shouldn't that be > > filter dhcpmsgs { facility(local7); }; > > HTH, > -dnh > -- Dan Egli From my Test Server