-----Original Message----- From: bhartin@straus-frank.com [mailto:bhartin@straus-frank.com] Sent: Wednesday, August 21, 2002 15:25 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Supressing messages...
I'm running syslog-ng-1.4.14-0. Long story short, I want to supress the logging of "VFS: Disk change detected..." messages that plague RH 7.1 installs using KDE w/autorun on CDs. Updating syslog-ng versions isn't happening anytime soon unless it is the only way to do so.
What can I do to supress any and all logging of just this message, without affecting anything else in that group (kern.* or wherever it's at)?
I'm sure newer versions have a working text based filter or such, but I'm pressed for time =(.
Thanks for any help anyone can provide,
Hmm, after googling for "syslog-ng stop processing" I found: http://citadelle.intrinsec.com/mailing/current/HTML/ml_syslogng/0194.html Using negative filters on each entry could do it, but would need an entry in each log line: filter f_not_vfs { not match("VFS: Disk change detected"); }; log { source(src); filter(f_kern); filter(f_not_vfs); destination(messages); }; The other way is the "final" flag with 1.5.x. I haven't tested this but it should work: destination dev_null { file("/dev/null"); }; filter f_vfs { match("VFS: Disk change detected"); }; log { source(src); filter(f_vfs); destination(dev_null); flags(final); }; Let us know how it works out. -- ASCII and ye shall receive.