filter question: already matched
Hi, I'm having some trouble setting up a filter. In plain English the rule would read something like below, any suggestions?

Match everything for this host except things that have already been matched for this host then drop them into a messages file.

##
## hosts messages log
##
destination d_messages {
    file("/var/log/$MONTH/$HOST/$HOST_messages.$MONTH-$DAY-$YEAR"
         owner(root) group(staff) perm(0640) dir_perm(0750) create_dirs(yes));
};

filter f_messages { (filter(DEFAULT) and host("somehostname")); };

log {
    source(root);
    filter(f_cron);
    destination(d_cron);
};

--
James Hamilton

And yes, the destination and filter are set correctly in my rules. I just did a poor copy and paste job in my email :-)

On Fri, May 18, 2001 at 11:42:16AM -0600, James Hamilton wrote:
Hi, I'm having some trouble setting up a filter. In plain English the rule would read something like below, any suggestions?
Match everything for this host except things that have already been matched for this host then drop them into a messages file.
##
## hosts messages log
##
destination d_messages {
    file("/var/log/$MONTH/$HOST/$HOST_messages.$MONTH-$DAY-$YEAR"
         owner(root) group(staff) perm(0640) dir_perm(0750) create_dirs(yes));
};
filter f_messages { (filter(DEFAULT) and host("somehostname")); };
log { source(root); filter(f_cron);
^^^^^^^^^^^^^^^^^^^^
destination(d_cron);
^^^^^^^^^^^^^^^^^^^^
};
--
James Hamilton
-- James Hamilton