Esteemed,
I created an entry in syslog-ng to collect OpenLdap information (slapd) from message.log,
but it is writing the same information in the log where I put it to record and is also writing to /var/log/message
Below is the entry created:
@version: 7.0
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# www.balabit.com/.../documentation
#
@include "scl.conf"
@include 'clm-syslogng.conf'
options {
stats_freq(0);
};
######
# sources
# message generated by Syslog-NG
source s_local { internal(); system(); monitoring_welf(); };
######
## filters
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
filter f_slapd { program("slapd"); };
filter f_not_slapd { not match (program("slapd")); };
######
# destinations
destination d_messages { file("/var/log/messages"); };
destination d_slapd { file("/apps/logs/slapd.log" owner(ldap) group(guia) perm(0644)); };
######
# logs
log { source(s_local); destination(d_messages); };
log { source(s_local); filter(f_slapd); destination(d_slapd); flags(final); };
I would like to know how to leave only the recording in /apps/logs/slapd.log ?
- Products
- View all products
- Free trials
- Privileged Access Management
- Overview
- Safeguard
- Safeguard On Demand
- Safeguard for Privileged Analytics
- Safeguard for Privileged Passwords
- Safeguard for Privileged Sessions
- Safeguard Remote Access
-
Endpoint Privilege Management
- Privilege Manager for Windows
- Privilege Manager for Unix
- Safeguard Authentication Services
- Safeguard for Sudo
- Access Management
- Identity Governance and Administration
- Active Directory Management
- Log Management
- Solutions
- Resources
- Trials
- Support
- Partners
- Communities