I have Postfix as my STMP server, and just finisehd setting up logcheck. The problem is that Postfix adds lost of useless things to /var/log/messages that I don't think are worthy of being read and just make it harder to find the REAL attack messages. I tried adding the line

mail.* /var/log/postfix

to the /etc/syslog.conf file, and it logs it to the /var/log/postfix file IN ADDITION TO the /var/log/messages file. My question is, how do I stop it from loggin to /var/log/messages and have it send the logs to /var/log/postfix ONLY? I have restarted Postfix and Syslog and it is still doing this. Thanks.

What's the line in syslog.conf referring to /var/log/messages? Try putting "mail.none" as part of that line.

------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the Better Bulletin Board (http://bbb.sourceforge.net)

# /etc/syslog.conf

*.=info;*.=notice /var/log/messages
*.=crit;kern.none /var/log/messages
mail.* /var/log/postfix
ftp.* /var/log/messages
authpriv.* /var/log/messages
~
~
~
~
~

My guess would be replace the first /var/log/messages line with this:


mail.none;*.=info;*.=notice /var/log/messages


But I'm guessing. Give it a shot.

Also, why do you have 4 lines referring to /var/log/messages? They could be joined into 1 line easily.

Check out `man 5 syslog.conf` for more info.

------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the Better Bulletin Board (http://bbb.sourceforge.net)

Thanks.