Just a thought. I read that it is much more efficient to use and maybe it can make do your job easier.<br><br><i>
</i>
<pre>filter f_xntp_filter_no_regexp {<br> # original line: "xntpd[1567]: time error -1159.777379 is way too large (set clock manually);<br> program("xntpd") and<br> match("time error .* is way too large .* set clock manually");
<br>};<br><i>
</i></pre>
<i> Use this instead:
</i>
<pre>filter f_xntp_filter_no_regexp {<br> # original line: "xntpd[1567]: time error -1159.777379 is way too large (set clock manually);<br> program("xntpd") and<br> match("time error") and match("is way too large") and match("set clock manually");
<br> <br>};<br></pre>
<i>
</i><br><p>You can see this information in <a href="http://www.campin.net/syslog-ng/faq.html#perf">http://www.campin.net/syslog-ng/faq.html#perf</a><br><i>
</i></p><br>Regards,<br>Bruno.<br><br><br><div><span class="gmail_quote">On 3/1/07, <b class="gmail_sendername">Balazs Scheidler</b> <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Thu, 2007-03-01 at 10:24 +0000, Hari Sekhon wrote:<br>> one more thought, did you try ${10} or something?<br>><br>> This works in shell so it's worth a try.<br><br>currently syslog-ng supports max $9. It's not too difficult to add more,
<br>I'll look into it.<br><br>--<br>Bazsi<br><br>_______________________________________________<br>syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>