I'm afraid but I'd need more information than this. I've now added a lot
of testcases to my unit test program, and auth, authpriv and local0
filtering works fine.
Priority filtering (debug) also worked fine.
I've started syslog-ng with this configuration:
options { long_hostnames(off); };
#
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source src { unix-stream("/dev/log"); internal(); file("/proc/kmsg"
flags(kernel) log_prefix("kernel: ")); };
destination dst { file("/var/log/messages"); };
destination kern { file("/var/log/kern.log" template("<$PRI>$ISODATE $HOST
$MSG\n")); };
filter kern { facility(kern); };
log { source(src); filter(kern); destination(kern); flags(final); };
log { source(src); destination(dst); };
Added this iptables rule:
iptables -A INPUT -j LOG --log-prefix "PF: INPUT " --log-level debug
And the log messages generated were successfully delivered
to /var/log/kern.log and did not appear in /var/log/messages.
To proceed, I'd need a simplified configuration file and a complete log
message (with priority information, see the template in my configuration
above) which triggers the problem.
I have tested my latest copy, but I have not touched the filtering logic
for a long time now. What I did add recently however is a set of
debugging messages which describe how the filtering decision is made.
This is going to be available as a snapshot tomorrow.
--
Bazsi
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
