<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
Wait a second. Version 3.2.x ... really?<br>
That's quite old. There was a bug with the <br>
.classifier.X tags some time in the past, and it might have been in those old versions. Certainly version 3.3 would be recommended, and all of y work is done with 3.4.x<br>
<br>
My advice my be specific to version 3.4 :-(<br>
<br>
<br>
<br>
Evan Rempel 250.271.7691<br>
University Systems, University of Victoria<br>
<br>
Evan Rempel <erempel@uvic.ca> wrote:<br>
<br>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">This definitely works. I'm using it right now.<br>
<br>
If it isn't working, then your pattern in the patterndb is not matching. We literally run millions of messages per hour through this exact filter ... I copied and pasted it from our pattern database.<br>
<br>
<br>
<br>
Evan Rempel 250.271.7691<br>
University Systems, University of Victoria<br>
<br>
Russell Fulton <r.fulton@auckland.ac.nz> wrote:<br>
<br>
<br>
On 11/05/2013, at 2:26 PM, Evan Rempel <erempel@uvic.ca> wrote:<br>
<br>
> Try this filter<br>
><br>
><br>
> filter f_unknown {<br>
> tags(".classifier.unknown");<br>
> };<br>
><br>
<br>
This always appears to return true. I.e. this filter includes everything. Negating it includes nothing.<br>
<br>
I have tried to install 3.2.5 as this is the last version that ELSA is confirmed to work with but that does not start:<br>
<br>
Starting syslog-ng<br>
/usr/local/syslog-ng/sbin/syslog-ng: error while loading shared libraries: libsyslog-ng.so.0: cannot open shared object file: No such file or directory<br>
<br>
So far as I can tell all the lib files are present and correct and in the same place as the previous version?<br>
<br>
I have syslog-ng installed in /usr/local/syslog-ng-<version> and a symlink /usr/local/syslog-ng pointing to the version to use.<br>
<br>
Russell<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_BLANK">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_BLANK">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_BLANK">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_BLANK">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_BLANK">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_BLANK">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</div>
</span></font>
</body>
</html>