# How do I make syslog-ng log postfix?

## turtles

1)  How do I  get postfix to produce a log file of postfix related things in /var/log/mail like warnings, info and errors with syslog-ng? 

```
egrep '(reject|warning|error|mail|fatal|panic):' /var/log/syslog 

parsons log # egrep '(reject|warning|error|mail|fatal|panic):' /var/log/messages
```

 produces no output and I do not have the mail files in /var/log/ !?

revalant lines in syslog-ng.conf: 

```
#define destinations

destination mail { file("/var/log/mail.log"); };

destination mailinfo { file("/var/log/mail.info"); };

destination mailwarn { file("/var/log/mail.warn"); };

destination mailerr { file("/var/log/mail.err"); };

#filters

filter f_syslog { not facility(authpriv, mail); };

filter f_mail { facility(mail); };

#filter & destination

log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

```

As you can see the files are not being created:

```
#ls

Xorg.0.log      Xorg.8.log  cups   emerge.log  kern.log  mysql    sandbox           wtmp

Xorg.0.log.old  apache2     debug  g-cpan      lastlog   news     scrollkeeper.log  xdm.log

Xorg.1.log      clamav      dmesg  kdm.log     messages  portage  syslog
```

----------

## Corvinian

Hello turtles,

For me it is working and I have the same as you plus additionally:

```
filter f_debug { not facility(auth, authpriv, news, mail); };

filter f_messages { level(info..warn) 

   and not facility(auth, authpriv, mail, news); };

log { source(src); filter(f_mail); destination(mail); };
```

maybe that's the cause ... I have a hardened profile though.Last edited by Corvinian on Thu Oct 25, 2007 8:20 am; edited 1 time in total

----------

## JC Denton

Maybe I'm missing something, but I don't see the filters for f_info, f_warn, and f_err...

----------

## Corvinian

This is my complete config:

```
# Copyright 2005 Gentoo Foundation

# Distributed under the terms of the GNU General Public License v2

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.4 2006/07/12 23:59:59 solar Exp $

#

# Syslog-ng configuration file, compatible with default hardened installations.

#

options { chain_hostnames(off); sync(0); };

source src { unix-stream("/dev/log"); internal(); };

source kernsrc { file("/proc/kmsg"); };

#source net { udp(); };

destination authlog { file("/var/log/auth.log"); };

destination syslog { file("/var/log/syslog"); };

destination cron { file("/var/log/cron.log"); };

destination daemon { file("/var/log/daemon.log"); };

destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };

destination lpr { file("/var/log/lpr.log"); };

destination user { file("/var/log/user.log"); };

destination uucp { file("/var/log/uucp.log"); };

#destination ppp { file("/var/log/ppp.log"); };

destination mail { file("/var/log/mail.log"); };

destination avc { file("/var/log/avc.log"); };

destination audit { file("/var/log/audit.log"); };

destination pax { file("/var/log/pax.log"); };

destination grsec { file("/var/log/grsec.log"); };

destination mailinfo { file("/var/log/mail.info"); };

destination mailwarn { file("/var/log/mail.warn"); };

destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };

destination newserr { file("/var/log/news/news.err"); };

destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };

destination messages { file("/var/log/messages"); };

destination console { usertty("root"); };

destination console_all { file("/dev/tty12"); };

#destination loghost { udp("loghost" port(999)); };

destination xconsole { pipe("/dev/xconsole"); };

filter f_auth { facility(auth); };

filter f_authpriv { facility(auth, authpriv); };

filter f_syslog { not facility(authpriv, mail); };

filter f_cron { facility(cron); };

filter f_daemon { facility(daemon); };

filter f_kern { facility(kern); };

filter f_lpr { facility(lpr); };

filter f_mail { facility(mail); };

filter f_user { facility(user); };

filter f_uucp { facility(uucp); };

#filter f_ppp { facility(ppp); };

filter f_news { facility(news); };

filter f_debug { not facility(auth, authpriv, news, mail); };

filter f_messages { level(info..warn) 

   and not facility(auth, authpriv, mail, news); };

filter f_emergency { level(emerg); };

filter f_info { level(info); };

filter f_notice { level(notice); };

filter f_warn { level(warn); };

filter f_crit { level(crit); };

filter f_err { level(err); };

filter f_avc { match(".*avc: .*"); };

filter f_audit { match("^audit.*") and not match(".*avc: .*"); };

filter f_pax { match("^PAX:.*"); };

filter f_grsec { match("^grsec:.*"); };

log { source(src); filter(f_authpriv); destination(authlog); };

log { source(src); filter(f_syslog); destination(syslog); };

log { source(src); filter(f_cron); destination(cron); };

log { source(src); filter(f_daemon); destination(daemon); };

log { source(kernsrc); filter(f_kern); destination(kern); };

log { source(src); filter(f_lpr); destination(lpr); };

log { source(src); filter(f_mail); destination(mail); };

log { source(src); filter(f_user); destination(user); };

log { source(src); filter(f_uucp); destination(uucp); };

log { source(kernsrc); filter(f_pax); destination(pax); };

log { source(kernsrc); filter(f_grsec); destination(grsec); };

log { source(kernsrc); filter(f_audit); destination(audit); };

log { source(kernsrc); filter(f_avc); destination(avc); };

log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };

log { source(src); filter(f_news); filter(f_err); destination(newserr); };

log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };

log { source(src); filter(f_debug); destination(debug); };

log { source(src); filter(f_messages); destination(messages); };

log { source(src); filter(f_emergency); destination(console); };

#log { source(src); filter(f_ppp); destination(ppp); };

log { source(src); destination(console_all); };

```

----------

