Just a thought. I read that it is much more efficient to use and maybe it can make your job easier.

    filter f_xntp_filter_no_regexp {
        # original line: "xntpd[1567]: time error -1159.777379 is way too large (set clock manually);
        program("xntpd") and
        match("time error .* is way too large .* set clock manually");
    };

Use this instead:

    filter f_xntp_filter_no_regexp {
        # original line: "xntpd[1567]: time error -1159.777379 is way too large (set clock manually);
        program("xntpd") and
        match("time error") and match("is way too large") and match("set clock manually");
    };

You can see this information in http://www.campin.net/syslog-ng/faq.html#perf

Regards,
Bruno.

On 3/1/07, Balazs Scheidler <bazsi@balabit.hu> wrote:
> On Thu, 2007-03-01 at 10:24 +0000, Hari Sekhon wrote:
> > one more thought, did you try ${10} or something?
> > This works in shell so it's worth a try.
>
> Currently syslog-ng supports max $9. It's not too difficult to add more, I'll look into it.
>
> -- Bazsi
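
An added example, not part of the thread: a small harness that runs both filter forms quoted at the top of this message over constructed sample lines, so that a rewrite made for speed can be checked for matching the same messages. It assumes Python's `re.search` behaves like syslog-ng's `program()` and `match()` for these simple patterns; the helper names and sample records are made up for the illustration.

```python
import re

# Constructed (program, message) records, not real log data.
SAMPLES = [
    # the "original line" quoted in the filter comment
    ("xntpd", "time error -1159.777379 is way too large (set clock manually)"),
    # variant with a space in front of "set"
    ("xntpd", "time error -1159.777379 is way too large - set clock manually"),
    # same three phrases in a different order
    ("xntpd", "set clock manually: is way too large a time error"),
    # only one of the phrases
    ("xntpd", "time error 0.5 corrected"),
    # right message, wrong program
    ("sshd", "time error -3.2 is way too large - set clock manually"),
]

# Patterns copied from the two filters in the message.
SINGLE = re.compile(r"time error .* is way too large .* set clock manually")
PARTS = [re.compile(p) for p in
         ("time error", "is way too large", "set clock manually")]


def program_is(program, pattern):
    """Stand-in for program("..."): unanchored regexp on the program name."""
    return re.search(pattern, program) is not None


def single_regexp_filter(program, message):
    """First form: one regexp with '.*' wildcards."""
    return program_is(program, "xntpd") and SINGLE.search(message) is not None


def split_match_filter(program, message):
    """Second form: three literal match() calls joined with 'and'."""
    return program_is(program, "xntpd") and all(
        p.search(message) for p in PARTS)


def compare(samples):
    """Return (single, split) verdicts for each sample record."""
    return [(single_regexp_filter(p, m), split_match_filter(p, m))
            for p, m in samples]


if __name__ == "__main__":
    for (prog, msg), (one, split) in zip(SAMPLES, compare(SAMPLES)):
        flag = "" if one == split else "   <-- forms disagree"
        print(f"single={one!s:5} split={split!s:5} {prog}: {msg}{flag}")
```

The two forms disagree on the first and third records: the single pattern requires a space directly before "set", which the "(set clock manually)" form of the line does not have, and the split form accepts the three phrases in any order.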