From: Michael Orlitzky
Date: Sun, 22 Dec 2013 18:35:26 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] syslog-ng configs for separating warnings/errors and different types of traffic
Message-ID: <52B7773E.4090107@gentoo.org>
In-Reply-To: <52B748E7.5090007@libertytrek.org>

On 12/22/2013 03:17 PM, Tanstaafl wrote:
>
> I'd still like everything to go to /var/log/messages, but I'd like to
> also send certain types of messages to different logs to simplify
> troubleshooting, etc - ie, I often peruse the logs with:
>
> egrep '(reject|warning|error|fatal|panic):' /var/log/messages
>
> But I'd like to actually feed all of those messages to a separate log,
> for easier tailing.

For each separate log you want, you'll need a destination/filter pair,
and you'll have to tie them together with a "log" directive. For example,

  destination warnlog { file("/var/log/warn.log"); };
  filter f_warn { level(warn); };
  log { source(src); filter(f_warn); destination(warnlog); };
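
Added example, not part of the original message: the same destination/filter/log pattern extended to cover both a severity range and the keyword pattern from the quoted egrep command. The source name `src` is taken from the reply above; the names `d_problems`, `f_warn_up`, `f_keywords`, `f_problems` and the path `/var/log/problems.log` are hypothetical, and the configuration assumes the existing log path that writes to /var/log/messages is left in place.

```conf
# Added example. Assumes a source named "src" is already defined and that
# the existing log path to /var/log/messages stays as it is.
# All names and the log path below are hypothetical.

# Separate file for problem messages. perm(0640) keeps it from being
# world-readable, since rejects and errors often carry addresses or usernames.
destination d_problems {
    file("/var/log/problems.log" perm(0640));
};

# Severity-based selection: warning and everything more severe.
# level(warn) on its own matches only the warning level.
filter f_warn_up {
    level(warning..emerg);
};

# Text-based selection: same pattern as the egrep command, applied to the
# message body. Catches daemons that log "reject:" or "error:" at info level.
filter f_keywords {
    match("(reject|warning|error|fatal|panic):" value("MESSAGE"));
};

# Either condition is enough. Listing two filter() calls directly in a
# log path would require both to match, so they are combined here with "or".
filter f_problems {
    filter(f_warn_up) or filter(f_keywords);
};

# This log path has no flags(final), so matching messages are copied to
# problems.log and still reach every other log path, including the one
# that writes /var/log/messages.
log {
    source(src);
    filter(f_problems);
    destination(d_problems);
};
```

Running `syslog-ng --syntax-only` against the edited configuration checks it for errors before the daemon is reloaded.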