[syslog-ng] complex filtering
Balazs Scheidler
bazsi@balabit.hu
Wed, 5 Apr 2000 17:08:25 +0200
>
> I'm currently building our loghost syslog-ng conf file and encountered a problem. How can I filter messages so that only not-already-routed lines will be routed/filtered again?
>
> For example, I am trying to send ssh lines to a dedicated log file. Since sshd sends its messages to the daemon facility and that (generic) daemon facility is sent to a generic file, a given line appears in both files and that wastes my disk space :-).
>
> I am trying to solve that by adding "and not filter(f_ssh)" in my daemon filter but it does nothing (not even a syntax error message).
>
> Is there any error? Is there another way?
>
> Thanks for any help.
The filter way should work; if it doesn't, it's a bug. There's a feature you
may use here. You can define default log statements:

    log { source(src); filter(DEFAULT); destination(dst); };

This is a catchall statement, and should catch all messages which were not
accepted by any of the previous statements.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
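
Added example, not part of the original message or of the syslog-ng project's own files: the setup from the question written out with both approaches from the reply, in the configuration syntax of the post's era. The source, filter and destination names and the file paths are assumptions chosen for illustration.

```conf
# Constructed example: names and paths are illustrative, not from the post.

source src { unix-stream("/dev/log"); internal(); };

# Lines logged by sshd, selected by program name.
filter f_ssh { program("sshd"); };

# Generic daemon facility, minus anything f_ssh already selects,
# so an sshd line is not written a second time to daemon.log.
filter f_daemon { facility(daemon) and not filter(f_ssh); };

destination d_ssh    { file("/var/log/ssh.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_other  { file("/var/log/other.log"); };

log { source(src); filter(f_ssh);    destination(d_ssh); };
log { source(src); filter(f_daemon); destination(d_daemon); };

# Catchall from the reply: receives only messages that none of the
# log statements above accepted.
log { source(src); filter(DEFAULT);  destination(d_other); };
```

A quick check on a loghost is to emit one test line as sshd and one under another daemon-facility program, then confirm each appears in exactly one of the three files.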