[filter] unable to squelch annoying spam
Hi List,

I've got some Solaris machines emitting some particularly annoying spam that I cannot seem to squelch. I've tried filtering on just about every MACRO that I can think might catch it, all to no avail.

Here's the snippet from running syslog-ng in debug/foreground:

    # syslog-ng -Fdve 2>&1 |grep alloc_extra_sgl_frame
    Incoming log entry; line='<4>Mar 27 19:00:55 alloc_extra_sgl_frame failed'

And here's the relevant filter bit (the other strings are doing their job).

    filter solaris_alloc {
        not (
            match('alloc_extra_sgl_frame' value("MESSAGE"))
            or match('alloc_extra_sgl_frame' value("MSGHDR"))
            or match('alloc_extra_sgl_frame' value("FACILITY"))
            or match('alloc_extra_sgl_frame' value("PRIORITY"))
            or match('alloc_extra_sgl_frame' value("MSGID"))
            or match('ext-arq alloc fail.' value("MESSAGE"))
            or match('ext-arq alloc fail.' value("MSGHDR"))
            or match('/pci@0,0/pci8086,3c06@2,2/pci1000,3080@0' value("MESSAGE"))
            or match('/pci@0,0/pci8086,3c06@2,2/pci1000,3080@0' value("MSGHDR"))
        );
    };

    # syslog-ng --version
    syslog-ng 3.5.6
    Installer-Version: 3.5.6
    Revision:
    Compile-Date: Aug 13 2014 13:54:36
    Available-Modules: affile,afprog,afsocket-notls,afsocket-tls,afsocket,afstomp,afuser,basicfuncs,confgen,cryptofuncs,csvparser,dbparser,linux-kmsg-format,syslogformat,system-source
    Enable-Debug: off
    Enable-GProf: off
    Enable-Memtrace: off
    Enable-IPv6: on
    Enable-Spoof-Source: on
    Enable-TCP-Wrapper: on
    Enable-Linux-Caps: on
    Enable-Pcre: on

What else should I try?

--
Robin P. Blanchard
Nephila Advisors
Infrastructure Administrator
+1 615.823.8516 ext 4516
Hi Robin,

On Sat, Mar 28, 2015 at 12:18:38AM +0000, Robin Blanchard wrote:
> # syslog-ng -Fdve 2>&1 |grep alloc_extra_sgl_frame
> Incoming log entry; line='<4>Mar 27 19:00:55 alloc_extra_sgl_frame failed'

I'd say $PROGRAM or $HOST, but to be sure, I'd use format-json with '--scope everything' as output template and send to file. Also, if possible, you can use flags(no-parse) on source, but that will affect all messages.
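
The debugging approach suggested in the reply, written out as a syslog-ng 3.5 configuration sketch. This is an added example, not configuration posted by either participant; the source name `s_in`, the listening port and the file paths under `/var/tmp` are assumptions, and the last filter only applies if the dump confirms the reply's guess about $HOST or $PROGRAM.

```conf
@version: 3.5

# Hypothetical network source; substitute the source the Solaris hosts log to.
source s_in { udp(ip(0.0.0.0) port(514)); };

# 1. Dump every name-value pair of each message as one JSON object, so the
#    field that actually holds 'alloc_extra_sgl_frame' becomes visible.
#    format-json needs syslog-ng's JSON module; the Available-Modules list
#    quoted in the thread does not show one, so it may be missing there.
destination d_dump_json {
    file("/var/tmp/syslog-ng-fields.json"
         template("$(format-json --scope everything)\n"));
};

# 2. Fallback using only built-in macros: print the candidate fields
#    explicitly, one labelled value per field.
destination d_dump_plain {
    file("/var/tmp/syslog-ng-fields.txt"
         template("host=${HOST} program=${PROGRAM} msghdr=${MSGHDR} msg=${MSG}\n"));
};

log { source(s_in); destination(d_dump_json); };
log { source(s_in); destination(d_dump_plain); };

# 3. If the dump shows the string landed in HOST or PROGRAM (the line has no
#    hostname after the timestamp, so the first word can be taken as one),
#    match on those fields instead of MESSAGE.
filter f_solaris_alloc {
    not (
        match('alloc_extra_sgl_frame' value("HOST"))
        or match('alloc_extra_sgl_frame' value("PROGRAM"))
    );
};

# 4. Alternative from the reply: disable parsing on the source so the whole
#    line stays in MESSAGE. This changes every message from this source.
# source s_in_raw { udp(ip(0.0.0.0) port(514) flags(no-parse)); };
```

Remove the two dump destinations once the field has been identified; they write every incoming message to disk.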
participants (2): Fabien Wernli, Robin Blanchard