Hello,
I have created 2 filters. There is check if there is link up/down text in msg field.
Ok.
If its match then there comes N else there should be comes N. ^^^ I guess you mean 'Y' here, right?
My problem is now that i syslog-ng puts double in sql-table one is Y and one is N. Any suggestion what is wrong? Here comes also configuration.
It looks like you have two problems: a boolean algebra one and a syslog-ng configuration one ;). I really hope I'm awake enough and didn't miss something ...
source net { udp(ip("0.0.0.0") port(514)); };
filter f_link_downup { match(LINK-3-UPDOWN) or match(LINEPROTO-5-UPDOWN) or match(off-line) or match(on-line); }; filter f_others { not match(LINK-3-UPDOWN) or not match(LINEPROTO-5-UPDOWN) or not match(off-line) or not match(on-line); };
Assert: A := LINK-3-UPDOWN B := LINEPROTO-5-UPDOWN C := off-line D := on-line Then your filters look as follows: f_link_downup = A + B + C + D f_others = !A + !B + !C + !D One would assume that since you have one bit ('Y' and 'N') as the outcome, that you'd want 'f_others' to be '!f_link_downup'. So this guy de Morgan once brought up following nitpick: !f_link_downup == !A * !B * !C * !D which is what you want for 'f_others' Thus your filter statements should rather be (unless I didn't understand your wishes): filter f_link_downup { match(LINK-3-UPDOWN) or match(LINEPROTO-5-UPDOWN) or match(off-line) or match(on-line); }; filter f_others { not match(LINK-3-UPDOWN) and not match(LINEPROTO-5-UPDOWN) and not match(off-line) and not match(on-line); }; You might want to put '"' for the strings but it's not neccessary in your case.
log { source(net); filter(f_link_downup); destination(d_mysql_downup); }; log { source(net); filter(f_others); destination(d_mysql_others); };
To speed up your logging you could add a flags(final); statement into your log statements.
destination d_mysql_downup { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg, showdata) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG', 'N' );\n") template-escape(yes)); };
destination d_mysql_others { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg, showdata) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG', 'Y' );\n") template-escape(yes)); };
HTH and best regards, Roberto Nibali, ratz -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc