I believe it does, but I use it just in case :)
Thanks, Frank
From: "Lay, James" <james.lay@wincofoods.com>
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>
Date: 11/08/2011 09:48 AM
Subject: Re: [syslog-ng] Quick filter question
Sent by: syslog-ng-bounces@lists.balabit.hu
Hi Frank,
Thanks for the quick response… my last little bit is, I was under the impression that the message() directive automatically assumed the value was already in the message only, and value() wasn’t required? Am I off on this? Thanks again.
James
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Frank Collette
Sent: Tuesday, November 08, 2011 8:36 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Quick filter question
filter f_firewall {
    not (
        program("firewall" flags(ignore-case)) and
        message("169\.254\.[0-9]+\.[0-9]+" value("MESSAGE"))
    );
};
Thanks,
Frank E. Collette IV
Technical Services
Systems Administrator II
Trustmark National Bank
Office: 601-208-7517
Fax: 601-208-6105
fcollette@trustmark.com
From: "Lay, James" <james.lay@wincofoods.com>
To: <syslog-ng@lists.balabit.hu>
Date: 11/08/2011 09:14 AM
Subject: [syslog-ng] Quick filter question
Sent by: syslog-ng-bounces@lists.balabit.hu
Hey all!
Real quick…trying to filter OUT firewall hits that have say…169.254.
Will this do the trick?
filter f_firewall {
not program (firewall flags(ignore-case));
and not message("169\.254\.[0-9]+\.[0-9]+");
};
Thanks all.
James
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
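
Added example, not part of the original thread: a Python model of the two boolean expressions discussed above, showing which log records each one lets through. It assumes program() and message() behave as unanchored regex searches, reads the expression from the question with its stray mid-expression semicolon ignored, and uses constructed sample records.

```python
import re

# Simplified model of the two matchers in the thread (assumption: unanchored
# regex search on the PROGRAM and MESSAGE fields respectively).
PROGRAM_RE = re.compile(r"firewall", re.IGNORECASE)   # program("firewall" flags(ignore-case))
MESSAGE_RE = re.compile(r"169\.254\.[0-9]+\.[0-9]+")  # message("169\.254\.[0-9]+\.[0-9]+")


def is_firewall(rec):
    return PROGRAM_RE.search(rec["program"]) is not None


def has_link_local(rec):
    return MESSAGE_RE.search(rec["message"]) is not None


def filter_question(rec):
    """not program(...) and not message(...): the expression from the question."""
    return not is_firewall(rec) and not has_link_local(rec)


def filter_reply(rec):
    """not (program(...) and message(...)): the expression from the reply."""
    return not (is_firewall(rec) and has_link_local(rec))


# Constructed sample records, not taken from the thread.
SAMPLES = [
    {"program": "Firewall", "message": "DROP src=169.254.10.7 dst=10.0.0.5"},
    {"program": "firewall", "message": "DROP src=203.0.113.9 dst=10.0.0.5"},
    {"program": "dhcpd", "message": "DHCPDISCOVER from 169.254.3.4"},
    {"program": "sshd", "message": "Accepted publickey for admin"},
]


def passed(filter_fn):
    """Return the (program, message) pairs that a filter lets through."""
    return [(r["program"], r["message"]) for r in SAMPLES if filter_fn(r)]


if __name__ == "__main__":
    for name, fn in (("question", filter_question), ("reply", filter_reply)):
        print(name)
        for prog, msg in passed(fn):
            print("   ", prog, "|", msg)
```

In this model the expression from the question passes only the sshd record, so every firewall record is dropped, while the expression from the reply drops only the firewall record that contains a 169.254.x.x address.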