# Syslog help



## piercedfreak (Dec 27, 2013)

I am trying to clean up my /var/log/messages a bit, and was wondering how to tell which messages come from where. For instance, I want to move the lines from spam filter piping to SpamAssassin lines to their own file.

They look like this.

```
Dec 26 20:11:59 hairy root: Spam filter piping to SpamAssassin, then to: /usr/sbin/sendmail -f XXXXXXX@XXXXXX.com -- XXX@XXXX.us
```


----------



## worldi (Dec 27, 2013)

piercedfreak said:
			
		

> I ... was wondering how to tell which messages come from where.


Ask your sysadmin...  ... or Google. Hint: looks like the program that generates the log messages is actually a shell script that uses logger().



			
				piercedfreak said:
			
		

> I want to move the lines from spam filter piping to spamassassin lines to their own file.


If the line you've posted is really generated by logger then change the shell script and tell logger to use a tag. Once the log messages are tagged you can tell syslogd how to deal with these lines. This is documented in syslog.conf(5):

You can exclude tagged messages from being logging by using !-tag. To only log messages with a certain tag use !tag. Note that once specified these include/exclude settings stay active until changed. You can reset the include/exclude settings with !*.

Here's a stupid example syslog.conf:


```
*.*   /var/log/all.log
!-sudo
*.*   /var/log/all_except_sudo.log
!-unbound
*.*   /var/log/all_except_unbound.log
!*
*.*   /var/log/all_again.log
!sudo
*.*   /var/log/sudo_only.log
!*
```

In case you've introduced a new log file don't forget to a) create it before restarting syslogd and b) adapt your newsyslog.conf(5) accordingly.


----------



## piercedfreak (Dec 28, 2013)

Thanks, that helped me right out, I wasnt aware of `logger`.


----------

