| View previous topic :: View next topic |
| Author |
Message |
CptanPanic
n00b
Joined: 17 Jan 2003
Posts: 48
|
 Posted: Tue Jan 21, 2003 5:57 pm Post subject: Question about seperating messages using metalog and regex |
 |
|
Hello,
I would like to seperate all my firewall kernel messages from my kernel log into its own diretory. I have tried just adding the regex for the items and it does put them into their own directory but they still show up in the original kernel logs. I guess I need to do an opposite regex for the kernel log config, but I don't know how to do a negative regexp with metalog. Does anyone know?
Thanks,
Brian |
|
| Back to top |
|
 |
Jyrinx
Tux's lil' helper
Joined: 03 May 2002
Posts: 92
Location: Carleton College - Northfield, MN
|
| Posted: Thu Jan 23, 2003 5:53 am Post subject: |
|
|
Oddly enough, it does appear that there is no way to do this with Metalog. (See this thread on the message board. I searched because I need the answer too ...) Pain in the ass. Metalog may be cool, but it's painfully obviously quite immature and slowly developing - version 0.7 beta (with negative regexes, I think) has been out since April with no release since. (This can't be that hard to implement ...)
I'm hereby switching to syslog-ng ... Metalog is just too limited. (It's really very stupid that the Gentoo install docs recommend it for those who don't know which to pick. Now everyone's hung up on dumb stuff like negating a filter.)
Jyrinx
jyrinx_list@mindspring.com[/url] |
|
| Back to top |
|
|
CptanPanic
n00b
Joined: 17 Jan 2003
Posts: 48
|
| Posted: Thu Jan 23, 2003 4:41 pm Post subject: |
|
|
I too was wondering why gentoo would pick something with no active development. I will too try syslog-ng, could you let me know how you unistall metalog and install syslog-ng without messing thigs up?
Thanks,
Bri |
|
| Back to top |
|
|
hhaamu
Apprentice
Joined: 23 Aug 2002
Posts: 253
Location: Finland
|
| Posted: Thu Jan 23, 2003 8:27 pm Post subject: |
|
|
Try:
| Code: |
rc-update del metalog
emerge syslog-ng
/etc/init.d/metalog stop
/etc/init.d/syslog-ng start
rc-update add syslog-ng default
emerge -C metalog
|
(I haven't tried this myself, but it should work) |
|
| Back to top |
|
|
fifo
Guru
Joined: 14 Jan 2003
Posts: 437
|
| Posted: Mon Feb 24, 2003 4:34 pm Post subject: |
|
|
I had this same problem, but it turns out that in fact there is an easy way to filter out iptables messages with metalog. First add a section to /etc/metalog/metalog.conf for logging the firewall messages:
| Code: |
iptables messages :
facility = "kern"
regex = "^.*IN="
logdir = "/var/log/iptables"
|
Then change the kernel and everything sections to remove those same messages:
| Code: |
Kernel messages :
facility = "kern"
regex = "^(?!.*IN=)"
logdir = "/var/log/kernel"
Everything important :
facility = "*"
minimum = 6
regex = "^(?!.*IN=)"
logdir = "/var/log/everything"
|
Now just restart metalog
| Code: | | # /etc/init.d/metalog restart |
and away you go. It will create /var/log/iptables/current when it first want to flush something to the log.
In general, with pcre, you can express the negation of the regexp "^foo" by saying "^(?!foo)". |
|
| Back to top |
|
|
|
Other Things Gentoo
