People, is there currently some good way to filter source and then use it *filtered* for numerous "log" invocations in configuration file? If no, it takes writing the same thing many times...
Hi Karlis,
In your earlier email, you said "there are some messages, which I would like never to appear in any log file" and I believe this is the problem you're still trying to solve, yes?
I think you're approaching it backwards. Create a filter that *does* match the bad messages, a destination of /dev/null, and a log statement that sends all messages that match that filter to that destination. Make this log statement the very first one in the file and specify flags(final) on it. That option means that any message that follows this path will not evaluate (or follow) any subsequent paths.
Joe.
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Karlis Repsons
Sent: 10 November 2009 17:49
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Prefiltering
People, is there currently some good way to filter source and then use it *filtered* for numerous "log" invocations in configuration file? If no, it takes writing the same thing many times...
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
On Tuesday 10 November 2009 18:31:09 Fegan, Joe wrote:
Hi Karlis,
In your earlier email, you said "there are some messages, which I would like never to appear in any log file" and I believe this is the problem you're still trying to solve, yes?
I think you're approaching it backwards. Create a filter that *does* match the bad messages, a destination of /dev/null, and a log statement that sends all messages that match that filter to that destination. Make this log statement the very first one in the file and specify flags(final) on it. That option means that any message that follows this path will not evaluate (or follow) any subsequent paths.
Joe.
Great, this helps! I didn't know there is such flag...
If you are using syslog-ng 3.0, then I think embedded log statements can do the trick.
http://www.balabit.hu/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s05.htm...
Regards,
Robert
Kārlis Repsons wrote:
People, is there currently some good way to filter source and then use it *filtered* for numerous "log" invocations in configuration file? If no, it takes writing the same thing many times...
On Thu, 2009-11-12 at 09:09 +0100, Robert Fekete wrote:
If you are using syslog-ng 3.0, then I think embedded log statements can do the trick.
http://www.balabit.hu/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s05.htm...
Regards,
To be more concrete, with syslog-ng 3.0, you can do something like

log {
    source(s_something);
    filter(f_filter_all);
    log { destination(d_one); };
    log { destination(d_two); };
};

--
Bazsi
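
The two approaches from this thread (a flags(final) discard path placed first, then one shared filter feeding embedded log statements) combined in a single syslog-ng 3.0 configuration. This is an added example, not part of any poster's message; every object name (s_local, f_noise, f_auth, d_null, d_auth_file, d_auth_audit), the match pattern and the file paths are assumptions chosen for illustration.

```conf
@version: 3.0

# All names, patterns and paths below are hypothetical.
source s_local { unix-stream("/dev/log"); internal(); };

# Matches only the messages that must never reach any log file.
# Keep this as narrow as possible: whatever it matches is gone for good.
filter f_noise {
    program("cron") and match("session (opened|closed)" value("MESSAGE"));
};

# Shared prefilter for the embedded log statements further down.
filter f_auth { facility(auth, authpriv); };

destination d_null       { file("/dev/null"); };
destination d_auth_file  { file("/var/log/auth.log"); };
destination d_auth_audit { file("/var/log/audit/auth-copy.log"); };

# 1. Discard path. It has to be the FIRST log statement in the file:
#    flags(final) stops a matching message from being evaluated by
#    any log statement that comes after this one.
log {
    source(s_local);
    filter(f_noise);
    destination(d_null);
    flags(final);
};

# 2. Embedded log statements (syslog-ng 3.0 and later): source and
#    filter are written once, each inner log path only adds a destination.
log {
    source(s_local);
    filter(f_auth);
    log { destination(d_auth_file); };
    log { destination(d_auth_audit); };
};
```

Running `syslog-ng --syntax-only -f <file>` checks the file before a reload. If the discard path is moved below another log statement, messages matching f_noise are still written by every statement above it.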
participants (4)
- Balazs Scheidler
- Fegan, Joe
- Kārlis Repsons
- Robert Fekete