To fine-tune what log entries are needed or how they are forwarded to different destinations, it is possible to use filters in syslog-ng configurations. Although their use is optional, they are highly recommended because they represent the real flexibility of syslog-ng.
Filtering can be set using seven different criteria that are summarized in the following list.
- facility()
The type of messages referring to the nature of the log entry. For example, auth, cron, daemon, kern, mail.
- priority()
The assigned priority level of the log message. The possible priority levels are the following in order of severity: none, debug, info, notice, warning, err, crit, alert, emerg.
- level()
The same as priority.
- program()
The name of the software component that generated the log entry.
- host()
The machine that the log message arrived from.
- match()
A regular expression that is compared to the contents of the log message.
- filter()
Additional filter.
By combining these elements, you can manually configure a fairly complex logging environment in a couple of lines of “code”, given basic knowledge of the syntax of syslog-ng rules. If you use MC, MC takes care of the correct syntax and allows you to focus on the actual rule creation process.
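As an added illustration (not part of the original documentation and not generated by MC), the following syslog-ng configuration fragment combines the filter criteria listed above to route authentication-related events to their own file. All source, filter and destination names, the host pattern, the matched message text and the file paths are assumptions; the fragment is meant to sit in a syslog-ng 3.x configuration that already has its version header.

```conf
# Added example: every s_*, f_* and d_* name, the "^fw-" host pattern,
# the matched text and the file paths are hypothetical.

source s_local { system(); internal(); };
source s_net   { udp(ip(0.0.0.0) port(514)); };

# facility() combined with a level() range: auth messages of warning or worse
filter f_auth_warn { facility(auth, authpriv) and level(warning..emerg); };

# program() combined with match(): a regular expression on the message text
filter f_sshd_fail {
    program("sshd") and match("Failed password" value("MESSAGE"));
};

# host(): only messages that arrived from machines whose name starts with fw-
filter f_firewalls { host("^fw-"); };

# filter(): reuse existing filters inside another filter
filter f_auth_alert { filter(f_auth_warn) or filter(f_sshd_fail); };

# Low-value entries, and their negation for the catch-all log path
filter f_noise     { level(debug) or (facility(cron) and level(info)); };
filter f_not_noise { not filter(f_noise); };

destination d_auth_alerts { file("/var/log/auth-alerts.log"); };
destination d_firewalls   { file("/var/log/firewalls.log"); };
destination d_rest        { file("/var/log/messages"); };

# Authentication events from local and remote sources go to a dedicated file
log { source(s_local); source(s_net);
      filter(f_auth_alert); destination(d_auth_alerts); };

# Everything received from the firewall hosts is kept separately
log { source(s_net); filter(f_firewalls); destination(d_firewalls); };

# Remaining local messages, minus the noise
log { source(s_local); filter(f_not_noise); destination(d_rest); };
```

Because the log paths are evaluated independently, a message that satisfies more than one filter is written to every matching destination.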
For more detailed information on syslog-ng, see Appendix C, Further readings.
Published on June 04, 2020
© 2007-2019 BalaSys