Log all msgs but a specific filter
I need to log all messages except for a specific filter. I have the filter defined and these messages are getting logged to a separate file. However, I have one "main" log file where I do all my other processing. How can I include that filter in my destination so that it drops those specific messages from getting logged? Thanks, Paul ************************************ This email may contain privileged and/or confidential information that is intended solely for the use of the addressee. If you are not the intended recipient or entity, you are strictly prohibited from disclosing, copying, distributing or using any of the information contained in the transmission. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose other than to provide the services for which you are receiving the information. There are risks associated with the use of electronic transmission. The sender of this information does not control the method of transmittal or service providers and assumes no duty or obligation for the security, receipt, or third party interception of this transmission. ************************************
Paul, use the keyword "not" in your filter: filter notmail { not facility(mail); } regards, Siem -----Oorspronkelijk bericht----- Van: syslog-ng-bounces@lists.balabit.hu namens PAUL WILLIAMSON Verzonden: do 21-1-2010 21:48 Aan: syslog-ng@lists.balabit.hu Onderwerp: [syslog-ng] Log all msgs but a specific filter I need to log all messages except for a specific filter. I have the filter defined and these messages are getting logged to a separate file. However, I have one "main" log file where I do all my other processing. How can I include that filter in my destination so that it drops those specific messages from getting logged? Thanks, Paul
You can also use the flags(final) tag in your log statement to prevent matched logs from also being written to any log statements below it. Put it in your 'specifically filtered' log statement, defined *above* your 'main' log statement. log { source(s_all); filter(f_specific_filter); destination(d_specific_log); flags(final); } log { source(s_all); destination(d_everything_else); } On Thu, Jan 21, 2010 at 12:58 PM, Siem Korteweg <Siem.Korteweg@qnh.nl>wrote:
Paul,
use the keyword "not" in your filter:
filter notmail { not facility(mail); }
regards, Siem
-----Oorspronkelijk bericht----- Van: syslog-ng-bounces@lists.balabit.hu namens PAUL WILLIAMSON Verzonden: do 21-1-2010 21:48 Aan: syslog-ng@lists.balabit.hu Onderwerp: [syslog-ng] Log all msgs but a specific filter
I need to log all messages except for a specific filter. I have the filter defined and these messages are getting logged to a separate file. However, I have one "main" log file where I do all my other processing. How can I include that filter in my destination so that it drops those specific messages from getting logged?
Thanks, Paul
______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Lance Laursen Demonware Systems Engineer
participants (3)
-
Lance Laursen
-
PAUL WILLIAMSON
-
Siem Korteweg