Hi, How is the d_drop destination configured? As far as I know you can't use flags(final) in embedded log statements so the tagged messages would still reach d_ldap. You can simply change the filter to match on messages not having the 'dropthis' tag and use it in the embedded log section. Regards, Sandor On Wed, Jan 26, 2011 at 11:21 AM, Guillaume Rousse <guillomovitch@gmail.com> wrote:
Le 24/01/2011 17:35, Balazs Scheidler a écrit :
you should enclose the macro reference in quotes like this:
condition="'${MESSAGE}@1' == ''" ^ ^
in a filter expression, all strings are assumed to be templates, and then you can use operators like you did. but macro references also need to be enclosed in quotes (either apostrophes or double quotes will work), this time it was easier to use apostrophes because the XML attribute used quotes. OK, this time syslog-ng doesn't choke, but the re-emited message is leaking to stdout (actually, to the console used to launch it, I just presume it's syslog-ng stdout), which is quite painful:
[root@avron1 ~]# service syslog-ng start Lancement de syslog-ng : [ OK ] [root@avron1 ~]# 2011 Jan 26 11:16:21 avron1 conn=1569812 fd=39 closed (connection lost) 2011 Jan 26 11:16:21 avron1 conn=1569813 fd=60 closed (connection lost) 2011 Jan 26 11:16:23 avron1 conn=1569814 fd=39 closed (connection lost) 2011 Jan 26 11:16:23 avron1 conn=1569815 fd=60 closed (connection lost)
Morevoer, it also suggested the condition used doesn't work, as those messages shouldn't have been re-emited at all.
I'm attaching patterndb and syslog-ng configuration related fragments. -- BOFH excuse #211:
Lightning strikes.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html