Hello guys,
I'm trying to config syslog-ng to ignore and don't log some strings.
I'm using syslog-ng-3.2.5-4.el6.x86_64 on a CentOS 6.5:
the config is pretty simple:

# cat /etc/syslog-ng/syslog-ng.conf
@version:3.2

options { check_hostname(yes);
keep_hostname(yes);
stats_freq(0);
chain_hostnames(no); };

source inputs { internal();
unix-stream("/dev/log");
udp();
tcp(max_connections(100)); };

destination logpile {
file("/logs/$HOST/$YEAR/$MONTH/$DAY/$FACILITY"
owner(root) group(root) perm(0600)
create_dirs(yes) dir_perm(0700)); };

#filter vmware_filter { match("Section for VMware ESX" value ("MESSAGE")); };
#filter vmware_filter { message("Section for VMware ESX"); };
filter vmware_filter { not message("Section for VMware ESX"); };

#log { source(inputs); filter(vmware_filter); flags(final); };
#log { source(inputs); destination(logpile); };
log { source(inputs); filter(vmware_filter); destination(logpile); };

but I cannot find the right key.
Wha'ts wrong in this config? You can see old configuration applied.
Thanks for any tip.
-f
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq