Following are some of the contents of my /etc/syslog-ng/syslog-ng.conf related to logging to the file debug.log:
source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
};
destination d_mesg { file("/tmp/log/debug.log"); };
filter f_filter2 { level(info..emerg) and not facility(mail,authpriv,cron); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
I would like to draw your attention to the line containing "filter". There you can see that I am filtering out the logs from mail, authpriv and cron. As far as my knowledge goes, mail, authpriv and cron are pre-defined facilities of syslog.
My query is:
I have written a daemon named "pm" which also uses the syslog APIs for logging. Now whatever my daemon logs goes into the file /tmp/log/debug.log, as you can see above. I would like to filter out the logs of "pm" from going into /tmp/log/debug.log. To make it clearer, I would like to have the filter like
filter f_filter2 { level(info..emerg) and not facility(mail,authpriv,cron,pm); };
Please note the difference in f_filter2 compared to above.
Is it possible to do this? How can I prevent pm logs from going into /tmp/log/debug.log?
I got the answer.
We can create filters using the filter keyword:
filter <filtername> { expression; };
Where expression is a simple boolean expression. You can use "and", "or" and "not" to connect builtin functions. Functions can be one of:
facility(list of comma separated facility names)
level(list of comma separated priority names OR a range separated by "..")
program(regexp to match program name)
host(regexp to match program name)
match(regexp to match program name)
So, if we want to add our own program, for example "pm", to the filter, use it like this:
And if we want to filter out the log messages of "pm", use the filter like this:
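An added example, not part of the original post: one way to keep "pm" out of /tmp/log/debug.log with the program() function listed above, while still retaining its messages in a separate file. It assumes the daemon logs under the program name "pm"; the names f_pm and d_pm and the path /tmp/log/pm.log are hypothetical.

```conf
# Added example (not from the original post).
# Assumption: the daemon's syslog program name (openlog ident) is "pm".

# program() takes a regular expression. Anchor it so that only "pm"
# matches and not other names that merely contain "pm" (e.g. "npm").
filter f_pm { program("^pm$"); };

# Same filter as in the question, with pm additionally excluded.
# pm is a program name, not a syslog facility, so it goes in
# program() rather than in the facility() list.
filter f_filter2 {
    level(info..emerg)
    and not facility(mail,authpriv,cron)
    and not program("^pm$");
};

# Hypothetical destination so pm messages are kept rather than lost.
destination d_pm { file("/tmp/log/pm.log"); };

# pm messages go to their own file ...
log { source(s_sys); filter(f_pm); destination(d_pm); };

# ... and everything else that passes f_filter2 goes to debug.log.
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
```

The program name is supplied by the process that writes to /dev/log, so this filter is a routing rule, not an access control. If debug.log is used for auditing, keep the excluded messages in a destination such as d_pm instead of dropping them.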