Hello, can you give me an example, how to use the final flag? thanks in advance. regards Ralf Szalay Attila schrieb:
Hi,
On Fri, 2009-05-29 at 14:15 +0200, Ralf Heidenreich wrote:
Hello,
I have the following line in iptables: iptables -A INPUT -j LOG --log-prefix "INPUT: " In syslog-ng (/etc/syslog-ng/syslog-ng.conf) I have the following config: [...] filter iptables { match("INPUT:"); }; log { source(s_sys); filter(iptables); destination(iptables); }; [...] filter f_default { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); }; [...] log { source(s_sys); filter(f_default); destination(d_mesg); };
syslog-ng do not stop the evaluation when a destination is found. And because of this and because the second log statement is matching to the line the syslog-ng store it to the message too.
If you want to order the syslog-ng to stop you can use the final directive.
------------------------------------------------------------------------
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html