Hi, are you sure your pattern matches? L: On 26 September 2014 08:38, fRANz <andrea.francesconi@gmail.com> wrote:
On Thu, Sep 25, 2014 at 11:31 AM, Pál, László <vlad@vlad.hu> wrote:
You need both logpath. One is filtering out and other collecting remaining. Also the order of log statement is important
Vlad, thank you for your reply. I followed your tips but syslog-ng still logging... What I miss in the config? The actual is:
# cat /etc/syslog-ng/syslog-ng.conf @version:3.2
options { check_hostname(yes); keep_hostname(yes); stats_freq(0); chain_hostnames(no); };
source inputs { internal(); unix-stream("/dev/log"); udp(); tcp(max_connections(100)); };
destination logpile { file("/logs/$HOST/$YEAR/$MONTH/$DAY/$FACILITY" owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700)); };
filter vmware_filter { match("Section for VMware ESX" value ("MESSAGE")); };
log { source(inputs); filter(vmware_filter); flags(final); }; log { source(inputs); destination(logpile); };
Thanks, -f
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq