This is a follow-up to this question. mghocke was kind enough to help me out with that question, but this is really a separate question, therefore a new post.
I really don't know a lot about syslog, and am trying to move away from syslogd to syslog-ng.
In Solaris' syslogd, there is an 'audit' facility that you can see configured below:
local7.debug /var/log/ncolog
audit.debug /var/log/ncolog
local7.debug @nimitz
audit.debug @nimitz
In my new syslog-ng.conf, it is configured like this:
filter f_local7 { facility (local7); };
filter f_audit { facility (audit); };
...
log { source (s_sys); filter (f_local7); destination (d_ncolog); destination (d_nimitz); };
log { source (s_sys); filter (f_audit); destination (d_ncolog); destination (d_nimitz); };
But syslog-ng doesn't recognize the 'audit' facility. I've looked around some, and it seems that the 'audit' facility is facility 13, but 'local13' doesn't work. What is this facility called in syslog-ng?
Instead of using the symbolic name 'audit' you have to use the numeric code 13:
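An added example, not part of the original answer: a Python check that decodes the `<PRI>` header of raw syslog frames (PRI = facility * 8 + severity), so you can confirm which messages carry facility code 13 (PRI 104 to 111) before relying on a numeric filter. The function names, facility labels and sample frames are constructed for illustration.

```python
import re

# Short display labels for the facility codes of RFC 3164 / RFC 5424.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp", 12: "ntp", 13: "audit",
              14: "alert", 15: "clock",
              **{16 + n: f"local{n}" for n in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(frame):
    """Return (facility_code, severity_code) from a raw syslog frame."""
    m = PRI_RE.match(frame)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the largest PRI
        raise ValueError(f"no valid <PRI> header: {frame!r}")
    pri = int(m.group(1))
    return pri >> 3, pri & 7                # PRI = facility * 8 + severity


def selector(frame):
    """Render the frame's priority as a syslogd-style facility.level pair."""
    fac, sev = decode_pri(frame)
    return f"{FACILITIES[fac]}.{SEVERITIES[sev]}"


def frames_for_facility(frames, code):
    """Keep frames whose facility code matches; skip malformed ones."""
    kept = []
    for f in frames:
        try:
            if decode_pri(f)[0] == code:
                kept.append(f)
        except ValueError:
            continue
    return kept


# Constructed sample frames (not captured from a real host).
SAMPLES = [
    "<110>Oct  3 10:15:02 host1 audit: constructed sample",   # 13*8+6
    "<191>Oct  3 10:15:03 host1 app: constructed sample",     # 23*8+7
    "<38>Oct  3 10:15:04 host1 sshd: constructed sample",     # 4*8+6
    "<104>Oct  3 10:15:05 host1 audit: constructed sample",   # 13*8+0
    "no header here",
]

if __name__ == "__main__":
    for frame in frames_for_facility(SAMPLES, 13):
        print(selector(frame), "|", frame)
```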