Johan Lindquist wrote:
> So anyway, it was like, 18:49 CEST Mar 29 2005, you know? Oh, and, yeah,
> flo was all like, "Dude,
>
>
>>I can't find the sshd log in /var/log/*. How can I create one instead
>>of doing 'cat /var/log/message | grep sshd' every time?
>
>
> Add a filter with the predicate 'program("sshd.*")', /var/log/sshd as
> a destination and a log rule combining the two to syslog-ng.conf.
>
> hth.
>
Thanks for the help,
here's my /etc/syslog-ng/syslog-ng.conf
<<
options {
long_hostnames(off);
sync(0);
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
+ destination sshd { file("/var/log/sshd"); };
+ filter sshd { match("sshd"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
+ log { source(src); filter(sshd); destination(sshd); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
>>
I've added the lines with '+' and it works.

But the sshd logs are still also in var/log/message...
Is there a way to remove them from there?
And I read the whole syslog manual and I don't understand how to use
the <<
SyslogFacility
Gives the facility code that is used when logging messages from sshd.
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH.
>> like Sybren told me.
!! How do you know that the default AUTH goes to "unix-stream(/dev/log)"
(this is the default),
and where do the others like LOCAL*, DAEMON, etc. go,
so I can use them in syslog-ng.conf ???
If someone can teach me... thanks in advance.
(I googled for it a lot without finding anything.)
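
An added example, not part of the original post: a syslog-ng.conf fragment that keeps the poster's source and destinations, uses flags(final) so sshd lines stop at /var/log/sshd, and selects messages by facility with the facility() filter. The filter names f_sshd and f_auth, the destination name auth and the path /var/log/auth.log are assumptions made for this example.

```conf
# Added example. Source and destination names follow the config in the
# post; f_sshd, f_auth, "auth" and /var/log/auth.log are assumed names.
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };
destination sshd     { file("/var/log/sshd"); };
destination auth     { file("/var/log/auth.log"); };

# Match on the program name field instead of anywhere in the message
# text, so a line from another daemon that mentions "sshd" is not
# pulled into the sshd file.
filter f_sshd { program("sshd"); };

# The facility (AUTH, DAEMON, LOCAL0, ...) is a field carried inside
# each message. All facilities arrive through the same /dev/log socket;
# they are separated only by filters like this one.
filter f_auth { facility(auth, authpriv); };

# Before: sshd lines are written to /var/log/sshd and are ALSO seen by
# every other log statement, so they show up in /var/log/messages too.
# log { source(src); filter(f_sshd); destination(sshd); };

# After: flags(final) ends processing for messages matched here, so log
# statements further down never see them. Order matters: this statement
# has to come before the catch-all ones.
log { source(src); filter(f_sshd); destination(sshd); flags(final); };

# Remaining auth/authpriv traffic gets its own file. This statement is
# not final, so these lines still reach /var/log/messages as well.
log { source(src); filter(f_auth); destination(auth); };

# Catch-all: everything not consumed by a final statement above.
log { source(src); destination(messages); };
```

If sshd_config sets SyslogFacility to one of the LOCAL* values, the same facility() filter with that value (for example facility(local3)) selects those messages.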