RE: Filter Question.

I fixed it.... after I found the link to the archives, I managed to figure out that the ; makes a big difference.

-- Kevin

-----Original Message-----
From: Kevin Welch
Sent: Thursday, April 04, 2002 2:57 AM
To: 'syslog-ng@lists.balabit.hu'
Subject: Filter Question.

Im trying to setup a filter as follows:

filter f_terse { facility(local7); and match("%CALLRECORD-3-MICA_TERSE_CALL_REC"); };

filter f_notterse { facility(local7); and not match("%CALLRECORD-3-MICA_TERSE_CALL_REC"); };

Now my problem is that this doesnt work and kicks back an error, it seems I cannot use the match keyword and define other parameters. Is this correct or do I have the syntax messed up?

My reason for needing this is that terse call records from my my dial systems take over 10000 calls a day and generate alot of syslog information, I need a way to filter these to a different logfile from other syslog events.

Thanks

-- Kevin