Re: [syslog-ng]host x.x.x.111 is the same as x.x.x.11 (filter error?)
Thank you very much for your kind reply! It really works as you wrote :-) (with ^...$ RE). Now I have one another question. How can I filter out this kind of log record:

datum hostX process some text with "xxxxx" string

I want to write it in file for hostX.log, so I wrote filter:

filter f_hostX { host("hostX"); };

then I wrote filter for string "xxxxx":

filter f_notxxxxx { not match("xxxxx"); };

and then I used it all in log statement:

log {... filter f_hostX ; filter f_notxxxxx ; ... }

I tried to log something on host hostX with string "xxxxx", and I received it in syslog-ng in file hostX.log. Why? What am I doing wrong now? Please sorry if I misunderstand something, but I tried it more times with other combinations of filter, but the "NOT" statement simply does not work ...

Thank you in advance for your reply...

Bye, Lubos.
On Wed, Jul 03, 2002 at 01:36:51AM -0700, Lubos Vitek wrote:
Thank you very much for your kind reply! It really works as you wrote :-) (with ^...$ RE). Now I have one another question. How can I filter out this kind of log record:
datum hostX process some text with "xxxxx" string
I want to write it in file for hostX.log, so I wrote filter:
filter f_hostX { host("hostX"); };
then I wrote filter for string "xxxxx":
filter f_notxxxxx { not match("xxxxx"); };
and then I used it all in log statement:
log {... filter f_hostX ; filter f_notxxxxx ; ... }
I tried to log something on host hostX with string "xxxxx", and I received it in syslog-ng in file hostX.log. Why? What am I doing wrong now? Please sorry if I misunderstand something, but I tried it more times with other combinations of filter, but the "NOT" statement simply does not work ...
Thank you in advance for your reply...
It did work for me. Here's my config file:

source src { pipe("log.input"); internal(); };
filter f_host { host("balabit"); };
filter f_notxxx { not match("xxx"); };
destination dst { pipe("log.output"); };
log { source(src); filter(f_host); filter(f_notxxx); destination(dst); };

Here are the messages I wrote into syslog-ng:

balabit:~/src/syslog-ng-1.5/src$ echo bazsi > log.input
balabit:~/src/syslog-ng-1.5/src$ echo bazsixxx > log.input
balabit:~/src/syslog-ng-1.5/src$ echo bazsixx > log.input

And here's the way I read messages from log.output:

balabit:~/src/syslog-ng-1.5/src$ cat log.output
Jul 3 12:36:56 src@balabit bazsi
Jul 3 12:37:03 src@balabit bazsixx

As you see, the second message containing the forbidden pattern is not written to log.output. (I'm using something a bit post 1.5.18, but no important changes.)

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
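The two points of this thread (a host() pattern is a regular expression that needs ^...$ to match one host only, and filters listed in a log statement must all accept a record) can be checked offline before a pattern is deployed. The following is an added example, not code from either poster or from syslog-ng: it is a small Python model of the filter semantics, and the host addresses and messages in it are constructed sample data.

```python
import re

# Constructed sample records: (sending host, message text).
SAMPLES = [
    ("10.0.0.11", "sshd session opened"),
    ("10.0.0.111", "sshd session opened"),
    ("10a0b0c11", "sshd session opened"),
    ("10.0.0.11", "cron job xxxxx finished"),
]

def host(pattern):
    """Model of host("..."): unanchored regex search on the host field."""
    rx = re.compile(pattern)
    return lambda rec: rx.search(rec[0]) is not None

def match(pattern):
    """Model of match("..."): unanchored regex search on the message text."""
    rx = re.compile(pattern)
    return lambda rec: rx.search(rec[1]) is not None

def negate(f):
    """Model of the 'not' operator inside a filter expression."""
    return lambda rec: not f(rec)

def log_path(filters, records):
    """A log statement passes a record only if every listed filter accepts it."""
    return [rec for rec in records if all(f(rec) for f in filters)]

def hosts_accepted(host_pattern):
    """Hosts whose records reach the destination for this host pattern,
    with the 'not match("xxxxx")' filter applied as well."""
    path = [host(host_pattern), negate(match("xxxxx"))]
    return sorted({rec[0] for rec in log_path(path, SAMPLES)})

if __name__ == "__main__":
    # Unanchored pattern with unescaped dots versus the anchored, escaped form.
    for pat in ("10.0.0.11", r"^10\.0\.0\.11$"):
        print(pat, "->", hosts_accepted(pat))
```

With the unanchored pattern, records from other hosts end up in the per-host file, which matters when those files are later used to attribute activity to a machine.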
participants (2)
- Balazs Scheidler
- Lubos Vitek