Syslog-ng Filters

auxiliary · 2015-07-09 11:45:21

Hello everyone,
I'm new to the forum and this is my first post. I've been using Linux for a few years now, Arch inparticular becaue it's my favorite as well as Gentoo.

Anyway, I have Syslog-ng installed and set the log permissions to readable so that Conky can display some of my logs for me. The problem that I'm having
is that there's some useless information being logged and therefor displayed by Conky.

I tried using the information here: https://wiki.archlinux.org/index.php/Sy … r_Messages
I'm sure that I'm misunderstanding something... It seems kind of vague, although the Arch Wiki is usually very informative and has saved me on numerous occasions.

I would like to filter out

Jul 9 07:19:05 PC sudo[4236]: pam_unix(sudo:session): session opened for user root by auxiliary(uid=0)
Jul 9 07:19:14 PC sudo[4236]: pam_unix(sudo:session): session closed for user root"

So do I add this line to a configuration file?

filter f_auth { facility(auth); };

Anyway, I apologize if I'm just being dumb and missing some vital information here. If someone would be so kindly as to walk me through the process I would greatly appreciate it.

Last edited by auxiliary (2015-07-09 11:58:19)

auxiliary · 2015-07-09 11:52:46

*I added the line
filter f_auth { facility(auth); };

to the bottom of
/usr/include/sys/syslog.h

I'm still not sure if this is correct.

auxiliary · 2015-07-09 11:56:39

** It seemed to have worked. I'll keep an eye out and then delete this thread implying that I have no more further issues.

Trilby · 2015-07-09 12:21:28

auxiliary, I see your deletion request, but I don't see why. It looks like you had a problem and found a solution. If so, please mark the thread as [SOLVED] so it can be a resource for other users.

Arch Linux

#1 2015-07-09 11:45:21

Syslog-ng Filters

#2 2015-07-09 11:52:46

Re: Syslog-ng Filters

#3 2015-07-09 11:56:39

Re: Syslog-ng Filters

#4 2015-07-09 12:21:28

Re: Syslog-ng Filters

Board footer