"Dan Egli" <d...@newideatest.site>, 08.04.2021, 20:15:
> I'm afraid that didn't work either. I did as you said, and changed the > syslog filter line to read: filter syslog { not filter(sshd) and not filter > (samba); }; which would match the previous lines (see URL below). I still see > sshd messages in /var/log/messages when I ssh into the machine. I'm totally > lost. I've posted relevant files for everyone to see. All are updated in real > time becuase they are either symlinks to the actual files, or are the target > of a redirection directly: > https://www.newideatest.site/syslog-conf = /etc/syslog-ng/syslog-ng.conf Is the filter definition correct? filter sshd { program("ssdhd"); }; ^ ??? s. > https://www.newideatest.site/syslog-out = output of syslog-ng -Fdav > https://www.newideatest.site/system_log = /var/log/messages > Any further ideas are most welcome.