Hi all

I have a question, or rather a problem.

I've written a filter to trap entries from our BIND host that sends the output to /dev/null (see below).

I can send the match to any file or to /dev/null, but syslog-ng is still seeing the entry from the host and is logging it to "destination d_mysql".

I just need to filter out the match so it never reaches "destination d_mysql".

Can anyone offer any advice?

My syslog-ng file is below....

--------------------------------------

options {
    long_hostnames(off);
    sync(0);
    stats(43200);
    dns_cache(yes);
    use_fqdn(no);
    keep_hostname(yes);
    use_dns(yes);
};

source shell {
    internal();
    unix-stream("/dev/log");
    udp(ip( my.syslog-ng.host.com));
};

destination err-update-dns { file("/dev/null"); };

filter err-update-dns { match("(59.167.232.229)"); };

log {source(shell); filter(err-update-dns); destination(err-update-dns); };

destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};

log { source(shell); destination(d_mysql); };

Dennis Kavadas wrote:
Hi all
I have a question, or rather a problem
I've written a filter to trap entries from our BIND host that sends the output to /dev/null (see below)
I can send the match to any file or to /dev/null but syslog-ng is still seeing the entry from the host and is logging it to "destination d_mysql "
Use the 'final' flag or use the negated filter for the other log statements.
I just need to filter out the match so it never reaches "destination d_mysql"
Can anyone offer any advice ?
[snip]
log {source(shell); filter(err-update-dns); destination(err-update-dns); };
replace this with:
log {source(shell); filter(err-update-dns); destination(err-update-dns); flags(final);};
-- Sandor Geller wildy@balabit.hu

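The two options named in the reply above, written out as an added example that is not part of the original thread. It reuses source(shell), filter err-update-dns and both destinations from the posted configuration; the filter name f_not_err_update_dns is hypothetical.

```conf
# Added example (not from the thread). Use ONE of the two options below;
# keeping both would define the d_mysql log path twice and duplicate rows.

# ---- Option 1: flags(final) ------------------------------------------
# A message that matches this log statement is delivered to its
# destination and then stops being processed, so later log statements
# never see it. Order matters: this statement must come BEFORE the
# d_mysql statement, otherwise the message has already been written to
# the pipe by the time the final flag takes effect.
log {
    source(shell);
    filter(err-update-dns);
    destination(err-update-dns);   # file("/dev/null") in the posted config
    flags(final);
};

log { source(shell); destination(d_mysql); };

# ---- Option 2: negated filter ----------------------------------------
# Instead of stopping the message early, exclude it on the path that
# feeds MySQL. Statement order no longer matters, and the /dev/null
# destination with its log statement can be dropped entirely: a message
# that matches no log statement is simply discarded.
# f_not_err_update_dns is a hypothetical name.
filter f_not_err_update_dns { not filter(err-update-dns); };

log {
    source(shell);
    filter(f_not_err_update_dns);
    destination(d_mysql);
};
```

With Option 2, every additional log statement that should not receive these entries needs the same negated filter, which is the "other log statements" part of the advice.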
mmm.... i don't see this option anywhere in the man pages or docs...

thanks, it worked !!

On 5/23/06, Sandor Geller <wildy@balabit.hu> wrote:
Dennis Kavadas wrote:
Hi all
I have a question, or rather a problem
I've written a filter to trap entries from our BIND host that sends the output to /dev/null (see below)
I can send the match to any file or to /dev/null but syslog-ng is still seeing the entry from the host and is logging it to "destination d_mysql "
Use the 'final' flag or use the negated filter for the other log statements.
I just need to filter out the match so it never reaches "destination d_mysql"
Can anyone offer any advice ?
[snip]
log {source(shell); filter(err-update-dns); destination(err-update-dns); };
replace this with:
log {source(shell); filter(err-update-dns); destination(err-update-dns); flags(final);};
-- Sandor Geller wildy@balabit.hu