filtering programs and subprograms
Hi, everybody!

I'm using Syslog-NG on a Linux server - as I like the great set of features it supports. Now I wonder if there is any possibility to filter the program name and the next field (e.g. "kernel" and is "IN="). I need this in order to separate the packet filter logs from the other kernel stuff.

Thanks for help in advance.

bye.baltasar

:::
B A L T A S A R   C E V C
mailto: baltasar@cevc-topp.de
Tel.: +49 89 99020515
Baltasar Cevc on Sat, Oct 06, 2001 at 01:06:32PM +0200:

Baltasar,

> Now I wonder if there is any possibility to filter the program name and the next field (e.g. "kernel" and is "IN="). I need this in order to separate the packet filter logs from the other kernel stuff.

I am not aware of any way to explicitly specify the second field, but try something like this:

    destination d_pcktfltr {
        file ("/log/filter.log.$YEAR$MONTH$DAY");
    };

    filter f_pcktfltr {
        facility(kern) and match("Packet log:");
    };

    log {
        source(XYZ);
        filter(f_pcktfltr);
        destination(d_pcktfltr);
    };

Regards,
-- 
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
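The split this thread is after, written out as logic over sample lines. This is an added example, not part of either post and not syslog-ng code: the log lines are constructed, and the names `classify`, `route` and `SAMPLE` are hypothetical. It goes a little beyond the reply by keying on the adjacent `IN=`/`OUT=` fields of the iptables LOG format instead of one fixed prefix string.

```python
import re

# Classic BSD-syslog layout: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s"
    r"(?P<program>[^\s:\[]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)
# iptables LOG records carry IN= and OUT= as adjacent fields, optionally
# after an administrator-chosen prefix. Anchoring on whitespace keeps
# tokens such as "PLUGIN=" from matching.
NETFILTER_RE = re.compile(r"(?:^|\s)IN=\S*\sOUT=\S*(?:\s|$)")

# Constructed sample lines (documentation addresses, made-up host "gw").
SAMPLE = [
    "Oct  6 13:06:32 gw kernel: Packet log: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22",
    "Oct  6 13:06:33 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.11 DST=198.51.100.5 PROTO=UDP DPT=53",
    "Oct  6 13:06:34 gw kernel: eth0: link up, 100Mbps full duplex",
    "Oct  6 13:06:35 gw kernel: module option PLUGIN=1 accepted",
    "Oct  6 13:06:36 gw sshd[812]: Server listening on 0.0.0.0 port 22.",
    "Oct  6 13:06:37 gw myapp: relay IN=a OUT=b started",
]


def classify(line):
    """Return 'pcktfltr', 'kernel' or 'other' for one syslog line."""
    m = SYSLOG_RE.match(line)
    if not m or m.group("program") != "kernel":
        return "other"  # unparsable, or not logged by the kernel
    return "pcktfltr" if NETFILTER_RE.search(m.group("msg")) else "kernel"


def route(lines):
    """Group lines by destination, as separate log{} paths would."""
    buckets = {"pcktfltr": [], "kernel": [], "other": []}
    for line in lines:
        buckets[classify(line)].append(line)
    return buckets


if __name__ == "__main__":
    for name, lines in route(SAMPLE).items():
        print(name, len(lines))
```

The fourth and sixth sample lines are the ones a bare substring test for "IN=" would misfile: one is a kernel message that only contains the letters, the other comes from a different program.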
participants (2)
- Baltasar Cevc
- Gregor Binder