Yea, that was it. I can't believe I missed that. Boy do I feel dumb now. Thanks!

On 4/8/2021 11:11 PM, Stefan Schmiedl wrote:
"Dan Egli" <d...@newideatest.site>, 08.04.2021, 20:15:

I'm afraid that didn't work either.  I did as you said, and changed the syslog 
filter line to read: filter syslog { not filter(sshd) and not filter (samba); 
}; which would match the previous lines (see URL below). I still see sshd 
messages in /var/log/messages when I ssh into the machine. I'm totally lost. 
I've posted relevant files for everyone to see. All are updated in real time 
because they are either symlinks to the actual files, or are the target of a 
redirection directly:
https://www.newideatest.site/syslog-conf = /etc/syslog-ng/syslog-ng.conf

Is the filter definition correct?

filter sshd { program("ssdhd"); };
                          ^ ???

s.

https://www.newideatest.site/syslog-out = output of syslog-ng -Fdav
https://www.newideatest.site/system_log = /var/log/messages

Any further ideas are most welcome.


