I do, except it might have been better the first way:I actually just looked at the commit history, and I have zero idea anymore why I did that.
Code:
When using multiple filters one after the other, or connecting filters with the logical AND/OR operators, the order of filters has a significant impact on performance. We recommend to put those filters in front that are the most likely to match the incoming log messages (if known).
Quoting from https://support.oneidentity.com/tec...mance-guideline-for-syslog-ng-premium-edition
Which leads to a different thought about performance. Syslog-ng processes the files in alphabetic order, so anything that hits the first filter doesn't get processed by any other filter, and anything that goes to messages has been processed by every other filter. I don't know that the rate of logging and the power of the router are that mismatched, but syslog-ng would be fastest if we ordered the filters so that, say, pixelserv was processed before openvpn, and maybe skynet or unbound before everything.
EDIT: Nope, not as simple as renaiing the config files without renaming the log files the way uiScribe is setup, and then with skynet. Something relating to the scripts keeps restoring the skynet config file, and then syslog-ng fails because there are two config files with the same definition. I don't want to allow duplicates.
Last edited: