[syslog-ng]filter(DEFAULT)
William Yodlowsky
wyodlows@andromeda.rutgers.edu
Wed, 13 Dec 2000 00:28:05 -0500
On Wed, Dec 13, 2000 at 03:07:42PM +1000, Andrew Fort wrote:
> >
> > However, what I am seeing appears to be that my host()
> > filters are being
> > ignored when using the DEFAULT filter with it. In other words,
> > unmatched log entries for host2 and host3 are appearing in
> > host1_messages.
> >
> > Is that correct behavior?
>
> It's the documented behaviour.
Rats. I must've missed that, or I'm up too late. Or both :-(
> Currently, I dont think syslog-ng can do "anything not already caught for
> this host" type filters; it's filtering logic is a little bit simpler than
> this..
>
> The filter patch suggested for 1.5.0 (development release) forces the
> filters to be evaluated in the order they appear in the file, but
> essentially the logic is:
>
> - For each log line, match what is in the filter statement. If we get a
> hit, set the "match" flag.
> - Repeat for all futher filters (so multiple filters cause multiple
> matches, but match still =1).
> - When syslog-ng tests the "DEFAULT" filter, it only performs its action if
> match=0.
I see... hmm... that's what I get for assuming :-/
So it will have the opposite affect of what I wanted then... anything
that matches host1 will set match=1 and DEFAULT won't match. Heh,
somehow I find it amusing that my logic was completely backwards. Or
maybe I'm up too late. :-)
Thanks for the clarification!