Hi all
 
I have a question, or rather a problem
 
I've written a filter to trap entries from our BIND host that sends the output to /de/null (see below)
 
I can send the match to any file or to /dev/null but syslog-ng is still seeing the entry from the host and is logging it to "destination d_mysql "
 
I just need to filter out the match so it never reaches "destination d_mysql"
 
Can anyone offer any advice ?
 
 
 
 
 
my syslog-ng file below....
--------------------------------------
 
options {
        long_hostnames(off);
        sync(0);
        stats(43200);
        dns_cache(yes);
        use_fqdn(no);
        keep_hostname(yes);
        use_dns(yes);
};
 
source shell { internal(); unix-stream("/dev/log"); udp(ip(my.syslog-ng.host.com)); };
 
destination err-update-dns { file("/dev/null"); };
filter err-update-dns { match("(59.167.232.229)"); };
log {source(shell); filter(err-update-dns); destination(err-update-dns); };
 
destination d_mysql {
        pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };
        log { source(shell); destination(d_mysql); };