[syslog-ng]Writing a custom filter

Richard E. Perlotto II syslog-ng@lists.balabit.hu
Sun, 2 Mar 2003 17:10:55 -0800



Whoops, sorry, looks like my notes did not make that version.  Give me a
day to add them back in.
 
 
Richard
 
P.S.
 
Now where did those 200 lines of comments go?
 
 

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Richard E.
Perlotto II
Sent: Sunday, March 02, 2003 4:57 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]Writing a custom filter


Take a look at my config file at:
 
ftp://ftp.cataphract.com/syslog/syslog-ng/syslog-ng/syslog-ng-1.6.0rc1/syslog-ng.conf
 
I added a lot of comments related to how to build filtering in
syslog-ng.  The documentation is very short on the subject matter.
 
 
 
Richard

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Rohit Dewan
Sent: Sunday, March 02, 2003 2:09 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Writing a custom filter



What is the best way to write a custom filter for syslog-ng? Any
pointers would be most appreciated.

 

Thanks,

Rohit

