Here's what I use for Shorewall messages:
/etc/rsyslog.d/00-shorewall.conf:
    if $msg contains 'Shorewall' then {
        action(type="omfile" file="/var/log/shorewall.log")
        # if ($syslogfacility == 0 and $syslogseverity >= 4) then stop # warning
        # if ($syslogfacility == 0 and $syslogseverity >= 5) then stop # notice
        if ($syslogfacility == 0 and $syslogseverity >= 6) then stop # info
    }
Files in /etc/rsyslog.d/ are included before the /var/log/messages log line.
This logs Shorewall messages to /var/log/shorewall.log. If a log line has a
severity greater than 'info', it is also logged in /var/log/messages.
Bill
On 4/26/2018 3:08 PM, @lbutlr wrote:
On 2018-04-26 (06:46 MDT), Mike <the.li...@mgm51.com> wrote:
I have a similar log strategy but I let postfix do it for me.
For example, my postscreen entry in master.cf is:
    smtp inet n - n - 1 postscreen
      -o syslog_facility=local2
That sends the postscreen logging to the local2 log facility.
Sure, that's a perfectly workable solution, but I am able to log the specific
information that I nearly never need into a specific log file without having to
keep track of which of the nearly identically named local1, local2, etc.
facilities is set up for what. It's also easy for me to add other data that I
don't need in the logs (like I have one automated user who logs in every 3
minutes. The only thing I ever need to know is if that login fails for some
reason or all the warnings about hosts not resolving (but not any other
warnings)). There's a lot more flexibility in configuring rsyslog than there is
in simply using local1-local6.
But, whatever works for you is fine. I was just sharing what worked for *me* in
case it was of use to someone else.
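
The routing done by the 00-shorewall.conf snippet at the top of this message, modelled in Python as an added example (not code from anyone in the thread). The sample lines are constructed, and it assumes the later /var/log/messages rule accepts every message that reaches it.

```python
import re

# syslog PRI = facility * 8 + severity; kernel is facility 0.
# Severity is inverted: 0 = emerg (most severe) ... 6 = info, 7 = debug.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

SHOREWALL_LOG = "/var/log/shorewall.log"
MESSAGES_LOG = "/var/log/messages"


def decode_pri(raw):
    """Split a raw syslog line into (facility, severity, message)."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI: %r" % raw)
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2)


def route(raw, stop_at=6):
    """Return the files a line lands in under the 00-shorewall.conf rule.

    stop_at mirrors the three thresholds in the config (4, 5 or 6).
    Assumption: the main rsyslog.conf rule for /var/log/messages accepts
    every message that is not stopped first.
    """
    facility, severity, msg = decode_pri(raw)
    dests = []
    if "Shorewall" in msg:                # 'contains' is case-sensitive
        dests.append(SHOREWALL_LOG)
        if facility == 0 and severity >= stop_at:
            return dests                  # 'stop': later rules never see it
    dests.append(MESSAGES_LOG)
    return dests


# Constructed sample lines (documentation addresses, made-up hosts/PIDs).
SAMPLES = [
    "<6>kernel: Shorewall:net-fw:DROP:IN=eth0 SRC=192.0.2.10 DST=198.51.100.5",
    "<4>kernel: Shorewall:net-fw:DROP:IN=eth0 SRC=192.0.2.11 DST=198.51.100.5",
    "<30>shorewall[1234]: Shorewall started",   # daemon.info, not kernel
    "<6>kernel: eth0: link up",                  # kernel, not Shorewall
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(route(line), line)
```

Because the stop test also checks for facility 0, a line that mentions Shorewall but comes from a non-kernel facility is written to both files even at info severity.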