[syslog-ng] complex filtering

Wed, 05 Apr 2000 15:26:54 +0200

Hello,

Im currently building our loghost syslog-ng conf file and encounter a problem. How can I filter message so that only not-alredy-routed line will be routed/filtered again ?

For example, I am trying to send ssh line to a dedicated log file, since sshd send its message to the deamon facility and that ( generic) daemon facility are send to a generic file, a given line appereas in both file and that waste my disk space :-).

I am trying to solve that by adding "and not filter(f_ssh)" in my dameon filter but it does nothing ( not even syntax error message).

Is there any error ? Is there another way ?

Thanks for any help.

Un

....
filter f_ssh		{ program("ssh.*");	};
filter f_cyrus-imapd	{
	program("deliver.*")
	or program( "imapd.*");
	};
filter f_named		{
	program("named.*");
	};
filter f_ntp		{
	program(".*ntp.*");
	};

filter f_kern		{ facility(kern);	};
filter f_user		{ facility(user);	};
filter f_mail		{ facility(mail);	};
filter f_daemon		{
	facility(daemon)
	and not	filter(f_cyrus-imapd)
	and not	filter(f_ssh)
	and not filter(f_ntp)
	and not filter(f_named);
	};
....