[systemd-devel] right way to log to rsyslog/syslog only?

Leonid Isaev lisaev at umail.iu.edu
Thu Aug 7 13:41:26 PDT 2014 

On Thu, Aug 07, 2014 at 08:01:31PM +0000, "Jóhann B. Guðmundsson" wrote:
> Give me an actual working example how this is solved using rsyslog/syslog-ng
> filters

A quick (and probably dirty) way with syslog-ng:
------
% grep dnsmasq /etc/syslog-ng/syslog-ng.conf 
destination d_dnsmasq { file("/run/log/dnsmasq.log"); };
filter f_daemon { facility(daemon) and not level(debug) and not program(hostap) and not program(dnsmasq-dhcp); };
filter f_dnsmasq { program(dnsmasq-dhcp); };
log { source(src); filter(f_dnsmasq); destination(d_dnsmasq); };
------

So, "dnsmasq-dhcp" is the prefix (used by dnsmasq by default) for "normal"
messages, while "dnsmasq" -- for everything else. Here is some statistics:
------
% uptime
 16:38:29 up 22 days, 22:05,  1 user,  load average: 0.00, 0.01, 0.05

% wc -l /run/log/dnsmasq.log*
1212 /run/log/dnsmasq.log
972 /run/log/dnsmasq.log.1
2077 /run/log/dnsmasq.log.2
958 /run/log/dnsmasq.log.3
    5219 total

% head -n 2 /run/log/dnsmasq.log
2014-08-03T00:05:42.000000-04:00 metal-0 dnsmasq-dhcp[460]: DHCPREQUEST(br0) 10.0.0.4 30:39:26:e3:ec:4e
2014-08-03T00:05:42.000000-04:00 metal-0 dnsmasq-dhcp[460]: DHCPACK(br0) 10.0.0.4 30:39:26:e3:ec:4e android-2f74c9ab3fa43caa

% for i in /var/log/daemon.log*; do echo $i; grep dnsmasq $i | wc -l;  done
/var/log/daemon.log
0
/var/log/daemon.log.1
1
/var/log/daemon.log.2
2
/var/log/daemon.log.3
11
/var/log/daemon.log.4
11
/var/log/daemon.log.5
0
/var/log/daemon.log.6
0
/var/log/daemon.log.7
23
/var/log/daemon.log.8
30

% grep dnsmasq /var/log/daemon.log.1 
2014-08-02T15:46:05.000000-04:00 metal-0 dnsmasq[460]: possible DNS-rebind attack detected: direct.stroyka.ru
------

Sorry for a long reply...
-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140807/257718e0/attachment.sig>

More information about the systemd-devel mailing list