[News]

News:

[pparcell]

pparcell

pparcell

Show pparcell's last posts.

Show general stats for pparcell.

• 
• Newbie
• Posts: 2

Hello,

I am trying to figure out a way to log fallback and catchall at the same time. I have this setup currently but if I have the catchall configured then the fallback never gets anything even if I change the order.

filter f_53101_sw12.den05 { host("64.78.144.212"); };
destination d_53101_sw12.den05 { file("/var/log/customers/53101/sw12.den05/log"
owner("root") group("janitor") perm(0664)); };
log { source(net); filter(f_53101_sw12.den05); destination(d_53101_sw12.den05);
};

# this rule catches all network traffic for syslog which is still left
destination d_left { file("/var/log/network-leftover"); };
log { source(net); destination(d_left); flags(fallback); };

destination d_net { file("/var/log/from-net"); };
log { source(net); destination(d_net); flags(catchall); };

[mutex]

mutex

mutex

Show mutex's last posts.

Show general stats for mutex.

• 
• Administrator
• Newbie
• Posts: 782

I don't believe they can be effectively used together. 

the catchall statement will process logs not handled by another FILTER.

the fallback statement will process logs not handled by another DESTINATION.

Since the catchall is getting the rest of your logs and writing them to a destination, no logs are matching the fallback criteria.

[pparcell]

pparcell

pparcell

Show pparcell's last posts.

Show general stats for pparcell.

• 
• Newbie
• Posts: 2

Unfortunately I think you are right . I was hoping that there might be a way but I guess not. On the catchall functionality, from my logs it is logging everything no matter if there was a previous filter or not.