On Wed, 2004-11-10 at 18:14, Ed Ravin wrote:
I want syslog-ng to discard a message that matches a particular string. There doesn't seem to be an easy way to do that, so I came up with this scheme instead:
[...] filter unwanted { program("noisy-daemon") and match("unwanted alarm"); };
[...] destination discard { file("/dev/null" perm(0666) dir_perm(0755) create_dirs(no)); };
[...] log { source(remote); filter(unwanted); destination(discard); flags(final); };
And it does indeed work, as documented. My problem, which might have been solved sooner had I included the actual config file I was working on rather than paraphrasing it above, was that I was trying to match on a program name with a "/" character in it:

    filter unwanted { program("postfix-mailhost/trivial-rewrite") and match("unwanted message in text"); };

But syslog-ng didn't match anything with this filter. When I trimmed it down to:

    filter unwanted { program("postfix-mailhost") and match("unwanted message in text"); };

Then it began matching my unwanted messages. If I tried this in the filter:

    program("postfix-mailhost/")

Then it stopped matching.

So it looks like syslog-ng, when it parses the program name, stops parsing when it sees the "/"? Is this a bug or a feature :-) ?

-- Ed
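To check what syslog-ng extracted as the program name for these messages, a temporary destination can write the parsed fields out through a template. This is an added example, not part of the original post: the destination name d_progdebug and the path /var/log/program-debug.log are assumptions, and source(remote) is the source named in the quoted config.

```conf
# Added diagnostic example, not from the original post.
# d_progdebug and the log file path are assumed names.
destination d_progdebug {
    file("/var/log/program-debug.log"
         template("PROGRAM=[$PROGRAM] MSG=[$MSG]\n"));
};

# Keep this log statement ahead of any statement that uses flags(final);
# messages caught by a final statement are not processed further.
log { source(remote); destination(d_progdebug); };
```

The bracketed PROGRAM value in the resulting file is the string that program() is compared against, so the filter can be written to match it and the diagnostic statement removed afterwards.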