Lines 80-89
Link Here
|
80 |
filter f_crit { level(crit); }; |
80 |
filter f_crit { level(crit); }; |
81 |
filter f_err { level(err); }; |
81 |
filter f_err { level(err); }; |
82 |
|
82 |
|
83 |
filter f_avc { match(".*avc: .*"); }; |
83 |
# <H4xX0Rz1sT@eyeq.de> newer kernels _MIGHT_ have kernel time prefix with CONFIG_PRINTK_TIME set, see #232847 |
84 |
filter f_audit { match("^audit.*") and not match(".*avc: .*"); }; |
84 |
# <H4xX0Rz1sT@eyeq.de> syslog-ng 3.x deprecates old match() syntax, use message() as equivalent, see #291259 |
85 |
filter f_pax { match("^PAX:.*"); }; |
85 |
filter f_avc { message(".*avc: .*"); }; |
86 |
filter f_grsec { match("^grsec:.*"); }; |
86 |
filter f_audit { message("^(\\[.*\\] )?audit.*") and not message(".*avc: .*"); }; |
|
|
87 |
filter f_pax { message("^(\\[.*\\] )?PAX:.*"); }; |
88 |
filter f_grsec { message("^(\\[.*\\] )?grsec:.*"); }; |
87 |
|
89 |
|
88 |
log { source(src); filter(f_authpriv); destination(authlog); }; |
90 |
log { source(src); filter(f_authpriv); destination(authlog); }; |
89 |
log { source(src); filter(f_syslog); destination(_syslog); }; |
91 |
log { source(src); filter(f_syslog); destination(_syslog); }; |