Hello,

The *in-list* should work the same way for both *program* and *message*.

It is a little hard to help without the rest of the *relevant* configuration. Therefore I created my dummy config and tested with it.

$ cat /tmp/message-filter.txt

$ cat /tmp/in-list.conf

filter f_smile { in-list("/tmp/message-filter.txt", value("MESSAGE")); };

source s_stdin { file("/dev/stdin" flags(no-parse)); };

destination d_stdout { file("/dev/stdout"); };

log { source(s_stdin); filter(f_smile); destination(d_stdout); };

$ syslog-ng -f /tmp/in-list.conf

syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'

[2017-10-04T07:41:31.341435] WARNING: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file to indicate this explicitly;

...

Oct 4 07:41:50 peterkokai-work/peterkokai-work :)

doomed to fail :)

[EOF]

This must be an exact match, which is why it seems a little fishy that you want to match *MESSAGE* macro :)

--
Kokan

On Tue, Oct 3, 2017 at 10:10 PM Gopi Joshi <gkjoshi@gmail.com> wrote:

I am trying to filter messages matching text stored in a txt file (plain txt , exact match , one word each line). but its not working
filter f_userlist { in-list("/etc/syslog-ng/userlist.list", value("MESSAGE")); };    ---> NOT WORKING
however it works with value(“PROGRAM”)
filter f_whitelist { in-list("/etc/syslog-ng/programlist.list", value("PROGRAM")); };  --->WORKING
List ( userlist.list ) is not long and has less than 10 words to match. anything missing ? or in-list filter doenot work with message contents . any troubleshooting tips will e helpful.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq