<div dir="ltr"><div class="gmail_extra">Hi, are you sure your pattern matches?</div><div class="gmail_extra"><br></div><div class="gmail_extra">L:<br><br><br><div class="gmail_quote">On 26 September 2014 08:38, fRANz <span dir="ltr">&lt;<a href="mailto:andrea.francesconi@gmail.com" target="_blank" onclick="window.open(&#39;https://mail.google.com/mail/?view=cm&amp;tf=1&amp;to=andrea.francesconi@gmail.com&amp;cc=&amp;bcc=&amp;su=&amp;body=&#39;,&#39;_blank&#39;);return false;">andrea.francesconi@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, Sep 25, 2014 at 11:31 AM, Pál, László &lt;<a href="mailto:vlad@vlad.hu" onclick="window.open(&#39;https://mail.google.com/mail/?view=cm&amp;tf=1&amp;to=vlad@vlad.hu&amp;cc=&amp;bcc=&amp;su=&amp;body=&#39;,&#39;_blank&#39;);return false;">vlad@vlad.hu</a>&gt; wrote:<br>
<br>
&gt; You need both log paths. One is filtering out and the other is collecting the remainder.<br>
&gt; Also, the order of the log statements is important.<br>
<br>
</span>Vlad,<br>
thank you for your reply.<br>
I followed your tips but syslog-ng is still logging...<br>
What am I missing in the config?<br>
The current one is:<br>
<span class=""><br>
# cat /etc/syslog-ng/syslog-ng.conf<br>
@version:3.2<br>
<br>
options { check_hostname(yes);<br>
keep_hostname(yes);<br>
stats_freq(0);<br>
chain_hostnames(no); };<br>
<br>
source inputs { internal();<br>
unix-stream(&quot;/dev/log&quot;);<br>
udp();<br>
tcp(max_connections(100)); };<br>
<br>
destination logpile {<br>
file(&quot;/logs/$HOST/$YEAR/$MONTH/$DAY/$FACILITY&quot;<br>
owner(root) group(root) perm(0600)<br>
create_dirs(yes) dir_perm(0700)); };<br>
<br>
</span><span class="">filter vmware_filter { match(&quot;Section for VMware ESX&quot; value (&quot;MESSAGE&quot;)); };<br>
<br>
</span>log { source(inputs); filter(vmware_filter); flags(final); };<br>
log { source(inputs); destination(logpile); };<br>
<br>
Thanks,<br>
<div class="HOEnZb"><div class="im trimless-h5 trimless-content">-f<br>
<br>
</div></div></blockquote></div><br></div></div>
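<div>One way to check whether the pattern matches, as an added example that is not part of the original thread: two temporary destinations placed around the posted log paths. The names <code>field_dump</code> and <code>vmware_matched</code> and the <code>/var/log</code> paths are assumptions; <code>inputs</code>, <code>vmware_filter</code> and <code>logpile</code> come from the posted config.</div>

```conf
# Added example, not from the thread. Destination names and /var/log paths
# are assumptions; inputs, vmware_filter and logpile are from the posted config.

# 1. Dump every incoming message with its fields separated, so you can see
#    whether the text really sits in MESSAGE (and not, say, in PROGRAM),
#    and check its exact spelling and case against the filter pattern.
destination field_dump {
    file("/var/log/syslog-ng-field-dump.log"
         template("host=[$HOST] program=[$PROGRAM] message=[$MESSAGE]\n"));
};

# 2. Record what vmware_filter matches just before it is discarded.
destination vmware_matched {
    file("/var/log/syslog-ng-vmware-matched.log");
};

# Order matters: field_dump comes first, because flags(final) in the
# next path stops matched messages from reaching any later log statement.
log { source(inputs); destination(field_dump); };
log { source(inputs); filter(vmware_filter); destination(vmware_matched); flags(final); };
log { source(inputs); destination(logpile); };
```

<div>If the unwanted lines show up in the field dump but the matched file stays empty, the filter is not matching them; compare the dumped <code>message=[...]</code> text with the pattern. Remove both temporary paths once the filter behaves as expected.</div>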