On Fri, 2009-09-18 at 23:47 +0400, Vasiliy G Tolstov wrote:
Hello. I'm new to this list, and maybe my question has been answered already, but I couldn't find any solutions:

Problem: I have many filters, like this:

filter ff_auth { program(sshd) or program(dropbear) or facility(auth, authpriv); };
filter ff_cron { facility(cron); };
filter ff_daemon { facility(daemon); };
filter ff_user { facility(user); };
filter ff_debug { not facility(auth, authpriv, news, mail); };
filter ff_scm { program(git-daemon); };
filter ff_db { program(postgres) or program (mysql); };
filter ff_mail { facility(mail); };
filter ff_ftp { program(vsftpd) or program(proftpd); };
filter ff_rsync { program(rsync); };
filter ff_snmp { program(snmpd); };
filter ff_named { program(named); };
filter fl_alert { level(alert); };
filter fl_crit { level(crit); };
filter fl_err { level(err); };
filter fl_warn { level(warn); };
filter fl_notice { level(notice); };
filter fl_info { level(info); };
filter fl_debug { level(debug); };

If I want to add a new filter to select kernel messages that do not contain already defined data:

filter ff_kernel { facility(kern) and not match(firewall) and not match(mail) and not match(snmp) and not match(vsftpd) and not match(firewall); .....};

I think it is not the best solution to write all filters in "not match" and "not program".

Solution: Can you provide some help on how I can reduce the unneeded strings, maybe not like ff_db and not like ff_debug?

P.S. Sorry if my English is bad and I can't fully describe the problem.

You probably need 'flags(final)' on your log statements.

-- 
Bazsi
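
An added example, not part of the original thread, of how flags(final) on ordered log statements replaces the long "and not match(...)" chain. It assumes syslog-ng 3.x syntax; the source, the destinations, the file paths and the ff_firewall filter are hypothetical names chosen for illustration.

```conf
# Added example: s_local, the d_* destinations, the file paths and
# ff_firewall are assumptions, not taken from the original post.
source s_local { unix-stream("/dev/log"); file("/proc/kmsg"); internal(); };

destination d_auth     { file("/var/log/auth.log"); };
destination d_mail     { file("/var/log/mail.log"); };
destination d_firewall { file("/var/log/firewall.log"); };
destination d_kernel   { file("/var/log/kernel.log"); };

# ff_auth and ff_mail are the filters from the post.
filter ff_auth     { program(sshd) or program(dropbear) or facility(auth, authpriv); };
filter ff_mail     { facility(mail); };

# Hypothetical filter for firewall lines emitted by the kernel.
filter ff_firewall { facility(kern) and match("firewall" value("MESSAGE")); };

# The kernel filter no longer needs any "and not ..." clauses.
filter ff_kernel   { facility(kern); };

# Log statements are evaluated in the order they appear in the file.
# flags(final) stops further processing of a message once it has matched
# this statement, so later statements never see it.
log { source(s_local); filter(ff_auth);     destination(d_auth);     flags(final); };
log { source(s_local); filter(ff_mail);     destination(d_mail);     flags(final); };
log { source(s_local); filter(ff_firewall); destination(d_firewall); flags(final); };

# Reached only by messages that no earlier final statement matched:
# the remaining kernel messages land here.
log { source(s_local); filter(ff_kernel);   destination(d_kernel); };
```

Because final statements short-circuit in file order, the most specific paths go first; a broad filter placed above them with flags(final) would swallow messages before the narrower statements are reached.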