On Wed, Nov 10, 2004 at 11:43:49AM -0800, Nate Campi wrote:
On Wed, Nov 10, 2004 at 12:14:44PM -0500, Ed Ravin wrote:
In spite of the "flags(final)" in the log path, the unanted message still shows up in my other log paths. Have I misunderstood how to use "final"? Is there some other way to discard a message?
I don't know that I've ever had much luck with final either, I just don't log what I don't want:
Harumph, I thought I had flags(final) working once I fixed my problem with the fitler, but when I went to my production box, I began losing log messages all over the place. Baszi, are you sure that flags(final) works? I'd rather not do the kludgy filtering in Nate's example below.
############################################################### filter f_mail { facility(mail); };
filter f_not_brightmail { not program("bmifilter.*"); };
log { source(src); filter(f_mail); filter(f_not_brightmail); destination(syslog); }; log { source(src); filter(f_not_mail); filter(f_not_brightmail); destination(messages); }; ###############################################################
As it stands I have to put "filter(f_not_brightmail);" in all my log statements, but that's not a problem for me (I build the config once and just push it out everywhere, so once a config works I never have to look at it again). -- Nate
"Where a calculator on the ENIAC is equipped with 18 000 vacuum tubes and weighs 30 tons, computers of the future may have only 1 000 vacuum tubes and perhaps weigh 1½ tons." - Popular Mechanics, March 1949.
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Ed Ravin | "The law, in its majestic equality, forbids the rich as | well as the poor to sleep under bridges, to beg in the eravin@ | streets, and to steal bread." panix.com | --Anatole France, Le Lys Rouge [1894]