I'm trying to cleanup my logging using syslog-ng (version 1.5.6-1). The problem at this point is that my firewall (iptables) logs are showing up in my newly setup firewall log file, and still in the messages kern.log and syslog files. I used the default syslog-ng.conf file and added the following lines to the appropriate sections: destination firewall { file("/var/log/firewall" owner("root") group("adm") perm\(0640)); };
filter f_firewall { match("Dropped: .*IN=.*OUT=.*"); }; log { source(src); filter(f_firewall); destination(firewall); }; My desire is to have all firewall logs go ONLY to the firewall log file. Does the order in which these entries occur matter? I just noticed that the destination entry was at the end of that section while the filter and log entries are at the beginning. I moved the destination entry to the beginning of that section and will watch the logs. thanks for any help...jc -- Jeff Coppock Nortel Networks Systems Engineer http://nortelnetworks.com Major Accts. Santa Clara, CA