I use Syslog-ng, and after opening my mailserver to the world after making it secure started to notice logs in syslog about relays denied.

How can I have a filtered view of syslog, like when running tail -f /var/log/messages, showing only the relay denied SMTP messages. So that I can see how often they are coming?
Just have syslog-ng put them in a separate file. Add something like this to your /etc/syslog-ng/syslog-ng.conf:

    destination relay_denied { file("/var/log/relay_denied"); };

    # Filters that "flag" a message--<key phrase> will be part of the
    # message that is produced, like "RELAY DENIED" or something like that
    filter f_relay_denied { match("<key phrase>"); };

    log { source(src); filter(f_relay_denied); destination(relay_denied); };
    log { source(src); filter(DEFAULT); destination(messages); };

Also, if in the future you want to just /dev/null the relay denied messages, replace:

    destination relay_denied { file("/var/log/relay_denied"); };

with:

    destination relay_denied { program("/bin/cat >/dev/null"); };

Once you've edited that file, restart syslog-ng. You also might want to check out the syslog-ng reference:

http://www.balabit.com/products/sysl...nce/book1.html

Stu

Michael Thompson wrote:
> I use Syslog-ng, and after opening my mailserver to the world after making
> it secure started to notice logs in syslog about relays denied.
>
> How can I have a filtered view of syslog, like when running tail
> -f /var/log/messages, showing only the relay denied SMTP messages. So that
> I can see how often they are coming?
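A way to answer the "how often" part once the messages land in their own file, as an added example that is not part of the original posts: it counts rejections per hour and per client address. The Postfix-style sample lines, the `KEY_PHRASE` default and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise how often relay-denied rejections arrive.
# Assumptions: classic syslog timestamps ("Mon DD HH:MM:SS host ...") and
# Postfix-style wording, with the client address in brackets after "from".
KEY_PHRASE=${KEY_PHRASE:-Relay access denied}

# Constructed sample lines for demonstration (not taken from the thread).
sample_log() {
cat <<'EOF'
Mar  3 10:15:02 mail postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.com> to=<a@example.net> proto=SMTP helo=<test>
Mar  3 10:47:30 mail postfix/smtpd[2207]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <b@example.net>: Relay access denied; from=<x@example.com> to=<b@example.net> proto=SMTP helo=<test>
Mar  3 10:50:11 mail postfix/smtpd[2210]: connect from mail.example.org[198.51.100.7]
Mar  3 11:02:44 mail postfix/smtpd[2215]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 <c@example.net>: Relay access denied; from=<y@example.com> to=<c@example.net> proto=ESMTP helo=<probe>
Mar  3 11:05:09 mail postfix/smtpd[2219]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <d@example.net>: Relay access denied; from=<x@example.com> to=<d@example.net> proto=SMTP helo=<test>
EOF
}

# Rejections per hour, in log order: "Mon DD HH:00 count".
relay_denied_per_hour() {
    awk -v pat="$KEY_PHRASE" '
        index($0, pat) {
            key = $1 " " $2 " " substr($3, 1, 2) ":00"
            if (!(key in n)) order[++k] = key
            n[key]++
        }
        END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# Rejections per client address, busiest first: "count address".
relay_denied_per_client() {
    awk -v pat="$KEY_PHRASE" '
        index($0, pat) && match($0, /from [^ ]*\[[^]]*\]/) {
            addr = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", addr)      # drop everything up to the bracket
            sub(/\]$/, "", addr)        # drop the closing bracket
            n[addr]++
        }
        END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Demo on the sample; on a real host feed /var/log/relay_denied instead.
sample_log | relay_denied_per_hour
sample_log | relay_denied_per_client
```

With the configuration from the reply in place, `relay_denied_per_hour < /var/log/relay_denied` gives the hourly rate, and `tail -f /var/log/relay_denied` is the live filtered view. Set `KEY_PHRASE` to the wording your mail server actually logs.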