Filtering "syslog-ng daemon" logs
Hi,

I'd like to filter out the syslog-ng logs that I get in my /var/log/messages file. Can I use a command-line flag to turn off these logs?:

    Jun 4 10:20:00 ldap1 syslog-ng[84369]: io.c: do_write: write() failed (errno 32), Broken pipe
    Jun 4 10:20:00 ldap1 syslog-ng[84369]: Connection broken, reopening in 60 seconds
    Jun 4 10:21:00 syslog1 syslog-ng[274]: AF_INET client connected from 127.0.0.1, port 1046

If not, will the following filter work?

    filter f_nosyslog-ng {
        program("syslog-ng") and (
            match("io\.c\:") or
            match("Connection\ broken\,\ reopening") or
            match("SIGHUP") or
            match("AF_INET_client")
        );
    };

Did I use the brackets correctly?

    filter foo { program() and (match() or match() ); };

I'm no expert with regular expressions or syslog-ng filters, so bear with me :)

As well, I'm using a tcp connection over stunnel, I would assume that it is normal to receive these messages occasionally?

Thanks,
Eric Parusel
Systems Administrator
Global Relay Communications

On Mon, Jun 04, 2001 at 01:06:11PM -0700, Eric Parusel wrote:
> Hi,
>
> I'd like to filter out the syslog-ng logs that I get in my /var/log/messages file. Can I use a command-line flag to turn off these logs?:
>
>     Jun 4 10:20:00 ldap1 syslog-ng[84369]: io.c: do_write: write() failed (errno 32), Broken pipe
>     Jun 4 10:20:00 ldap1 syslog-ng[84369]: Connection broken, reopening in 60 seconds
>     Jun 4 10:21:00 syslog1 syslog-ng[274]: AF_INET client connected from 127.0.0.1, port 1046
>
> If not, will the following filter work?
>
>     filter f_nosyslog-ng {
>         program("syslog-ng") and (
>             match("io\.c\:") or
>             match("Connection\ broken\,\ reopening") or
>             match("SIGHUP") or
>             match("AF_INET_client")
>         );
>     };
>
> Did I use the brackets correctly?
>
>     filter foo { program() and (match() or match() ); };
>
> I'm no expert with regular expressions or syslog-ng filters, so bear with me :)

An easier solution would be to separate your internal() source from your other logs like this:

    source s_internal { internal(); };
    source s_local { unix-stream("/dev/log"); };

    destination d_messages { file("/var/log/messages"); };
    destination d_syslogng { file("/var/log/syslogng"); };

    log { source(s_internal); destination(d_syslogng); };
    log { source(s_local); destination(d_messages); };

> As well, I'm using a tcp connection over stunnel, I would assume that it is normal to receive these messages occasionally?

If your network goes out of service your connections will most probably be broken.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
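
Added example, not part of the original thread: a small Python emulation of the posted filter expression, run over the log lines quoted in the question. It assumes program() is tested against the program name and match() against the message text, and uses Python's re module as a stand-in for syslog-ng's regex matching; the names selected(), report(), POSTED and ADJUSTED are hypothetical.

```python
import re

# (program, message) pairs. The first three are the lines quoted in the
# thread; the last is constructed to exercise the program() guard.
SAMPLES = [
    ("syslog-ng", "io.c: do_write: write() failed (errno 32), Broken pipe"),
    ("syslog-ng", "Connection broken, reopening in 60 seconds"),
    ("syslog-ng", "AF_INET client connected from 127.0.0.1, port 1046"),
    ("stunnel", "Connection broken, reopening in 60 seconds"),
]

# Patterns exactly as posted in the question.
POSTED = [r"io\.c\:", r"Connection\ broken\,\ reopening", "SIGHUP", "AF_INET_client"]
# Same list with the last pattern spelled the way the log line reads.
ADJUSTED = POSTED[:3] + ["AF_INET client"]


def selected(program, message, patterns):
    """Emulate: program("syslog-ng") and (match(p1) or match(p2) or ...)."""
    if not re.search("syslog-ng", program):
        return False
    return any(re.search(p, message) for p in patterns)


def report(patterns):
    """Split SAMPLES into (selected, not selected) lists of 'program: message'."""
    hit, miss = [], []
    for program, message in SAMPLES:
        bucket = hit if selected(program, message, patterns) else miss
        bucket.append(f"{program}: {message}")
    return hit, miss


if __name__ == "__main__":
    for name, pats in (("posted", POSTED), ("adjusted", ADJUSTED)):
        hit, miss = report(pats)
        print(f"[{name}] selected {len(hit)}, not selected {len(miss)}")
        for line in miss:
            print("   not selected ->", line)
```

With the posted patterns the "AF_INET client connected" line is not selected, because the pattern has an underscore where the message has a space. In a log path a filter passes the messages it selects, so using this expression to keep such lines out of a destination means negating it with `not`.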

Participants (2): Balazs Scheidler, Eric Parusel