Subject: Re: [gentoo-user] syslog-ng: filter plugin NOT not found ????
To: gentoo-user@lists.gentoo.org
From: Dan Egli
Date: Wed, 16 Dec 2020 12:24:33 -0700

Well, I'm starting to make progress. But something isn't right. I found out the plugin error was due to the fact that despite syslog-ng.com showing the reversal as NOT, the actual statement is not (all lower case vs all upper case). So that means that syslog-ng loads just fine. But I can't get the dhcp output to where I want it.

If I have the syslog facility in dhcpd turned on, or if I redirect the output to a file in systemd, then I get dhcpd messages in the file AND in the syslog itself (/var/log/messages). No matter what I try, the dhcpd output ALWAYS goes to syslog. I can get it to go to a separate file TOO, but not ONLY. Here's the entire syslog-ng.conf and the service file for dhcpd.
Hopefully you guys can figure something out I missed:

(dhcpd4.service)

[Unit]
Description=DHCPv4 Server Daemon
Documentation=man:dhcpd(8) man:dhcpd.conf(5)
After=network.target
After=time-sync.target
After=network-online.target
Wants=network-online.target
StandardOut=null
StandardError=null

[Service]
ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcp -group dhcp --no-pid

[Install]
WantedBy=multi-user.target

With everything going to null, you'd think that with the syslog statement in dhcpd.conf disabled, I'd get no log at all. But I still get the log in /var/log/messages.

Here's syslog-ng.conf:

@version: 3.26

options {
        threaded(yes);
        chain_hostnames(no);
        stats_freq(43200);
        mark_freq(3600);
};

filter dhcpfilter { facility(local7); };
filter nondhcp { not filter(dhcpfilter); };

source src { system(); internal(); };

destination messages { file("/var/log/messages"); };
destination dhcplog { file("/var/log/dhcpd.log"); };
destination console_all { file("/dev/tty12"); };

log { source(src); filter(nondhcp); destination(messages); };
log { source(src); destination(console_all); };
log { source(src); filter(dhcpfilter); destination(dhcplog); };

And for what it's worth, here's my dhcpd.conf:

default-lease-time 3600;
max-lease-time 43200;

# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim;

authoritative;

# log-facility local7;

allow booting;

subnet 10.0.2.0 netmask 255.255.255.0 {
        # no services at all!
}

subnet 192.168.10.0 netmask 255.255.255.0 {
        range 192.168.10.128 192.168.10.254;
        if exists user-class and option user-class = "iPXE" {
                filename "pxelinux.efi";
        } else {
                filename "pxelinux.0";
        }
        next-server 192.168.10.3;
        option domain-name-servers 192.168.10.2, 8.8.8.8;
        option domain-name "eglifamily.name";
        option routers 192.168.10.1;
}

host testbox-1 {
        hardware ethernet 08:00:27:D5:AA:3C;
        fixed-address 192.168.10.64;
        option host-name "testbox-1";
        ddns-hostname "testbox-1.eglifamily.name";
}

-- 
Dan Egli
From my Test Server
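
Added example, not part of the original message and not the poster's configuration: one way to make the syslog-ng.conf above send dhcpd messages ONLY to /var/log/dhcpd.log, by matching on the program name and ending processing with flags(final). It assumes the daemon's messages carry the program name "dhcpd"; the source, destination and filter names are reused from the post.

```conf
@version: 3.26

options {
        threaded(yes);
        chain_hostnames(no);
        stats_freq(43200);
        mark_freq(3600);
};

source src { system(); internal(); };

# Match on the program name rather than the facility, so the route does
# not depend on whether "log-facility local7;" is enabled in dhcpd.conf.
# Assumption: the messages arrive with program name "dhcpd".
filter dhcpfilter { program("^dhcpd$"); };

destination messages { file("/var/log/messages"); };
destination dhcplog { file("/var/log/dhcpd.log"); };
destination console_all { file("/dev/tty12"); };

# Log paths are evaluated in the order they appear. The console path
# comes first so tty12 still shows everything, as in the posted file.
log { source(src); destination(console_all); };

# flags(final): a message accepted by this path is not passed on to the
# log paths that follow, so it never reaches /var/log/messages.
log { source(src); filter(dhcpfilter); destination(dhcplog); flags(final); };

# Everything that was not stopped above.
log { source(src); destination(messages); };

# Separate from this file: in dhcpd4.service the output settings are
# spelled StandardOutput= and StandardError= and belong in [Service];
# in [Unit], as posted, systemd ignores them.
```

Running syslog-ng with --syntax-only checks the file for errors before the service is restarted.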