Hello, thanks for the hint! Now i seem to struggle with the usage of it :) I would like to log everything from the lighttpd daemon to a diffrent logfile: Jun 25 10:59:19 lighty-dev lighttpd[30575]: (log.c.172) server started So i tried this filter: filter f_lighttpd { match("lighttpd" value("lighttpd")); }; Basically i would like to match for the facility "lighttpd", right?! I dont really need a regex here. Thanks, Mario On Fri, Jun 25, 2010 at 10:32 AM, Alan McKinnon <Alan.McKinnon@is.co.za> wrote:
On Friday 25 June 2010 10:18:38 ml ml wrote:
Hello List,
i am getting this error: WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration; Restarting syslog-ng: Stopping syslog-ng: OK. Starting syslog-ng: WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration;
[snip]
### 3.) FILTERS filter f_ldap { match("slapd"); };
The message tell you what to do, it's right there in the admin guide :-)
pg 213 of the 3.0 admin guide:
The syntax has changed from earlier versions. match() now wants to know which part of the log to perform the match on. Your matches seem to use the program name, so use:
(match("slapd" value=("PROGRAM"))
to search the entire message for a match, use
(match("slapd" VALUE="MSG"))
or (better)
message("slpad")
Note that the macro name (MSG, PROGRAM, etc) does not have a leading $ - you are giving a macro name to use, not dereferencing it.
-- Alan McKinnon Systems Engineer^W Technician Infrastructure Services Internet Solutions
+27 11 575 7585
Please note: This email and its content are subject to the disclaimer as displayed at the following link http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm. Should you not have Web access, send a mail to disclaimers@is.co.za and a copy will be emailed to you.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html