On Tue, Jan 15, 2002 at 01:47:24PM +0100, [EMAIL PROTECTED] wrote: > > On the remote server, there are many mon entries in the /var/log/messages > ... > > e.g. > Jan 15 13:29:35 pc426 mon[20686]: client connection from 172.20.12.216:34029 > Jan 15 13:29:35 pc426 mon[20686]: client command "protid 9745" > Jan 15 13:29:35 pc426 mon[20686]: client command "list failures" > Jan 15 13:29:35 pc426 mon[20686]: client connection from 172.20.12.216:34030 > > How can I disable this many info mon messages in the /var/log/messages file > Can I use the syslog_facility for my problem ?
I wrote my own syslog server so I could save the facility/severity info in the files themselves: Jan 15 07:28:20 hostname mon[9456]: [LOCAL2.INFO]: client command "checkauth enable" Jan 15 05:15:03 hostname mon[3417]: [LOCAL2.CRIT]: failure for VIPs http 1011100502 click-1.hotbot.com dir.hotbot.lycos.com listen.lycos.com listeningroom.lycos.com static-1wired.com www-1hotwired.com Jan 15 07:22:24 hostname mon[9456]: [LOCAL2.ALERT]: calling alert iis.alert for sc8lynewsfe02/http (/usr/local/mon/alert.d/iis.alert,[EMAIL PROTECTED]) sc8lynewsfe02.hotwired.com These seem to be the only facility/severity combos I have on my loghost from mon: local2.info, local2.crit, local2.alert. Since you understand how syslog.conf works to sort messages based on this info, you can choose which facility/severity combos you wish to write to a file. -- Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79 "It is easier to change the specification to fit the program than vice versa."