Same result, the ntpd lines still make it through.

On Tue, Feb 23, 2010 at 10:09 AM, Fegan, Joe <Joe.Fegan@hp.com> wrote:
Try it without the *
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Evan Baer
Sent: 23 February 2010 14:57
To: Zoltán Pallagi
Cc: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] problem with filtering in syslog-ng
The ntpd lines are still falling through. Should I include the final() syntax on all my log lines?
filter not_ntpd { not program("ntpd*"); };
log { source(src); filter(f_notice); filter(f_not_authpriv); filter(not_ntpd); destination(messages); flags(final); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
Here is an example of what we still see in the logs:
Feb 23 09:55:50 hobbit-shn1f0503 ntpd[729]: Listening on interface #2 lo0, 127.0.0.1#123 Enabled
Feb 23 09:55:50 hobbit-shn1f0503 ntpd[729]: Listening on routing socket on fd #23 for interface updates
On Tue, Feb 23, 2010 at 9:40 AM, Zoltán Pallagi <pzolee@balabit.hu> wrote:
Hi Evan,
Use the final flag in this log path. For example:
log { source(src); filter(f_kern); filter(f_debug); filter(not_ntpd); destination(messages); flags(final); };
For more information see our documentation: http://www.balabit.hu/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s03.htm...
Evan Baer wrote:
Hello,
I'm trying to exclude ntpd update messages from /var/log/messages.
I have created a filter like so:
filter not_ntpd { not program("ntpd*"); };
And implemented it in my log lines:
log { source(src); filter(not_ntpd); destination(messages); };
log { source(src); filter(f_notice); filter(f_not_authpriv); filter(not_ntpd); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); filter(not_ntpd); destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
Yet the lines for ntpd still seem to pass through to the logfile.
Feb 23 09:20:48 magpie-shn1e1324 ntpd[37397]: synchronized to 10.2.253.22, stratum 1
Feb 23 09:20:49 magpie-shn1f1318 ntpd[729]: kernel time sync status change 2001
Any thoughts?
--
Evan
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
--
pzolee
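An added example, not part of the thread and not the syslog-ng project's own configuration: log paths are evaluated independently, and flags(final) only ends processing for messages that match that path's filters, so a negated filter on one path does not keep ntpd lines away from the other paths. One way to discard them is a leading log path that matches ntpd, has no destination and is final. The filter name f_ntpd is hypothetical; src, messages and the other f_* filters are assumed to be defined as in the configuration quoted above.

```conf
# Added example. f_ntpd is a hypothetical name; src, messages and the
# f_* filters are assumed to exist as in the thread's configuration.

# Positive match on the program name. program() takes a regular
# expression, so no trailing "*" is needed.
filter f_ntpd { program("ntpd"); };

# Must be placed before every other log path. Messages that match
# f_ntpd are consumed here: with no destination nothing is written,
# and the final flag stops later log paths from processing them.
log { source(src); filter(f_ntpd); flags(final); };

# Remaining paths as posted in the thread. The not_ntpd filter is no
# longer needed because ntpd messages never reach these paths.
log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
```

Because the first path is final, ntpd messages are also withheld from any other destination defined later in the file; a log path that should still receive them has to be placed before it.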