I tested this on my Solaris 7 machine and it worked as expected. I used version 1.5.3 and libol version 0.2.21. So whatever it is it is not Solaris 7. Regards, Drew

-----Original Message----- From: Balazs Scheidler [SMTP:bazsi@balabit.hu] Sent: Wednesday, March 21, 2001 4:48 PM To: Mariusz Bogumil Cc: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Re: desperatly need your help

On Wed, Mar 21, 2001 at 03:31:16PM +0100, Mariusz Bogumil wrote:

...

I think that I really desperatly need your help. I have tested all possible configuration and I still cannot filter messages from snort from my /var/log/messages and I start thinking that such configuration is impossible. Please tell me what I am doing wrong.

To this mail I attach my syslog-ng.conf - with only with lines that describe my problem and complete config too.

I run it on Sprac Solaris 7

I tried the following configuration:

source src { unix-stream("log"); internal(); };

destination d1 { file("d1"); }; destination d2 { file("d2"); }; destination d3 { file("d3"); };

filter fn_snort { not match("snort"); }; filter f_snort { match("snort"); }; # it works

log { source(src); filter(fn_snort); destination(d1); }; log { source(src); filter(f_snort); destination(d2); }; log { source(src); destination(d3); };

and I sent the following log messages:

logger -u log "valami" logger -u log -t snort hallo

It correctly sent messages to their appropriate destination. I suspect a bug in either Solaris or in Solaris/syslog-ng interoperation. Could anybody check this?

-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng