On Mon, 2005-12-19 at 14:12 -0800, Nate Campi wrote:
On Mon, Dec 19, 2005 at 09:59:04AM +0100, Balazs Scheidler wrote:
On Sat, 2005-12-17 at 22:14 +0100, Staszek Pitucha wrote:
This isn't what I've observed in the past, but when I test now with 1.6.8 I see that this catches all the sshd messages:
filter f_ssh_any { match("^sshd"); };
destination d_ssh_any { file("/tmp/ssh_any.log"); };
log { source(src); filter(f_ssh_any); destination(d_ssh_any); };
I remember when developing matches for 1.6.6 or 1.6.7 that the program name wasn't available when using the match() function. Did this change recently, or did I do something wrong back then?
I haven't changed this for ages. The last change in src/log.c was on January 13th 2004, and it was only a couple of warning fixes for HP-UX. The patch before that is 2003/10/15.

the change on 2004/01/13 is released with 1.6.2
the change on 2003/10/15 is released with 1.6.1

But IIRC this is the behaviour that was implemented originally and was not changed since.

--
Bazsi