Hello, The *in-list* should work the same way for both *program* and *message*. It is a little hard to help without the rest of the *relevant* configuration. Therefore I created my dummy config and tested with it. $ cat /tmp/message-filter.txt :) $ cat /tmp/in-list.conf filter f_smile { in-list("/tmp/message-filter.txt", value("MESSAGE")); }; source s_stdin { file("/dev/stdin" flags(no-parse)); }; destination d_stdout { file("/dev/stdout"); }; log { source(s_stdin); filter(f_smile); destination(d_stdout); }; $ syslog-ng -f /tmp/in-list.conf syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted' [2017-10-04T07:41:31.341435] WARNING: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file to indicate this explicitly; ... :( :) Oct 4 07:41:50 peterkokai-work/peterkokai-work :) doomed to fail :) [EOF] This must be an exact match, which is why it seems a little fishy that you want to match *MESSAGE* macro :) -- Kokan On Tue, Oct 3, 2017 at 10:10 PM Gopi Joshi <gkjoshi@gmail.com> wrote:
I am trying to filter messages matching text stored in a txt file (plain txt , exact match , one word each line). but its not working
filter f_userlist { in-list("/etc/syslog-ng/userlist.list", value("MESSAGE")); }; ---> NOT WORKING
however it works with value(“PROGRAM”)
filter f_whitelist { in-list("/etc/syslog-ng/programlist.list", value("PROGRAM")); }; --->WORKING
List ( userlist.list ) is not long and has less than 10 words to match. anything missing ? or in-list filter doenot work with message contents . any troubleshooting tips will e helpful.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq