Hello,

I'm very sorry if this is answered somewhere else, or if the answer is so obvious that it's a waste of time :) I can't see anything in the documentation which explicitly addresses this.

I have a question about filtering on ranges of severities. A filter such as

    filter f_daemon { facility(daemon) and level(info); };

catches messages logged to the daemon facility at severity info. It differs from the traditional behavior of syslogd in that it doesn't catch severities beyond info, however.

Is there a shorthand way to specify a range of priorities (i.e. to achieve behavior similar to the traditional syslogd)? Or, is it necessary to write a filter such as the following one?

    filter f_info { level(info) or level(notice) or .. or level(emerg); };
    filter f_daemon { facility(daemon) and filter(f_info); };

Thank you very much.

--
Jonathan Marks
Systems Administrator, Production Systems Group
Computing and Communication Services Office
University of Illinois at Urbana-Champaign

On Fri, Dec 29, 2000 at 11:25:08AM -0600, Jon Marks wrote:
    filter f_info { level(info) or level(notice) or .. or level(emerg); };
    filter f_daemon { facility(daemon) and filter(f_info); };

This should condense into:

    filter f_filtername { facility(daemon) and level(emerg..info); };

----------------------------------------------------------------------------
Bradley Arlt
Email: arlt@cpsc.ucalgary.ca
WWW: www.acs.ucalgary.ca/~bdarlt
-Eat well, sleep peacefully, drink lots, and ride like hell.

Thank you very much, Mr. Arlt, for your prompt response! This seems to work just fine.

I have another question. It would seem to me that the method I outlined *should* work, although the shorthand is preferable. Even so, it doesn't work. I seem to have trouble calling other filters. For example, syslog-ng doesn't yield a parse error if I use a filter identifier which doesn't exist (e.g. a typo). Also, it doesn't seem to evaluate the filter properly. The example copied below fails to catch any messages at all.

Why is this? Am I misunderstanding the semantics of calling other filters or using connective operators?

Again, thank you!

On Fri, Dec 29, 2000 at 10:56:42AM -0700, Brad Arlt wrote:
On Fri, Dec 29, 2000 at 11:25:08AM -0600, Jon Marks wrote:
    filter f_info { level(info) or level(notice) or .. or level(emerg); };
    filter f_daemon { facility(daemon) and filter(f_info); };
This should condense into:
filter f_filtername { facility(daemon) and level(emerg..info); };
--
Jonathan Marks
Systems Administrator, Production Systems Group
Computing and Communication Services Office
University of Illinois at Urbana-Champaign

On 2000 Dec 29, Jon Marks wrote:
filter f_info { level(info) or level(notice) or .. or level(emerg); };
You may write like:

    filter f_info { level(info, notice, <...>(*) , emerg); };

or

    filter f_info { level(info .. emerg); };

(*) You must write all, like in the example you write.

--
PGP ID 0x8D143771, /C5 95 43 F8 6F 19 E8 29 53 5E 96 61 05 63 42 D0
GPG ID ABA0E8B2, 45CF B559 8281 8091 8469 CACD DB71 AEFC ABA0 E8B2
I love Zsani - SaSa

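An added illustration, not part of the thread and not syslog-ng's own code: a small Python model of the semantics discussed above, showing that level(info) matches a single severity while level(emerg..info) selects the same set as a traditional syslogd daemon.info selector. Treating the range as order-insensitive is an assumption taken from the two replies writing it in opposite orders; the facility table is a subset and the PRI values are constructed samples.

```python
# Severity names in syslog numeric order: 0 = emerg (most severe) .. 7 = debug.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4}  # subset only

def decode_pri(pri):
    """Split a syslog PRI value (facility * 8 + severity) into its two parts."""
    return pri >> 3, SEVERITIES[pri & 7]

def expand_level(spec):
    """Expand 'info', 'info, notice' or 'emerg..info' into a set of severity names."""
    selected = set()
    for part in spec.split(","):
        part = part.strip()
        if ".." in part:
            # Assumption: the range is order-insensitive, so sort the two endpoints.
            lo, hi = sorted(SEVERITIES.index(p.strip()) for p in part.split(".."))
            selected.update(SEVERITIES[lo:hi + 1])
        elif part in SEVERITIES:
            selected.add(part)
        else:
            raise ValueError("unknown severity: %r" % part)
    return selected

def syslogd_selector(severity):
    """Traditional syslogd 'facility.severity': that severity and everything more severe."""
    return set(SEVERITIES[:SEVERITIES.index(severity) + 1])

def matches(pri, facility, level_spec):
    """Model of: filter f { facility(<facility>) and level(<level_spec>); };"""
    fac, sev = decode_pri(pri)
    return fac == FACILITIES[facility] and sev in expand_level(level_spec)

# Constructed sample PRI values: daemon.err, daemon.info, daemon.debug, mail.info
SAMPLE = [27, 30, 31, 22]

def caught(level_spec):
    """PRI values from SAMPLE that a daemon filter with this level spec would catch."""
    return [p for p in SAMPLE if matches(p, "daemon", level_spec)]

if __name__ == "__main__":
    for spec in ("info", "emerg..info"):
        print("facility(daemon) and level(%s):" % spec, caught(spec))
```
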
participants (3): Brad Arlt, Jon Marks, SZALAY Attila