[syslog-ng]filter(DEFAULT)
William Yodlowsky
wyodlows@andromeda.rutgers.edu
Wed, 13 Dec 2000 13:40:16 -0500
On Wed, Dec 13, 2000 at 11:31:43AM -0500, jon@dumbo.pobox.com wrote:
> i think it might be a better idea to do it one of these ways:
[snip]
Interesting... My personal bent (based on my personal need, of course
;) is to have filter(DEFAULT) work with any other filter. So something
like
log { source(src); filter(host1); filter(kern); filter(DEFAULT); \
destination(host1-kern); };
...would capture any kernel messages from host1 that haven't been
captured by any other rule.
That would really make my week :-)
Interestingly enough, if you move filter(DEFAULT) to be the FIRST filter
in a log rule, you get an error if there are any other filter()'s
there. There is no error if it's anywhere else though...
> On Wed, Dec 13, 2000 at 03:30:26PM +1000, Andrew Fort wrote:
> | > So it will have the opposite affect of what I wanted then... anything
> | > that matches host1 will set match=1 and DEFAULT won't match. Heh,
> | > somehow I find it amusing that my logic was completely backwards. Or
> | > maybe I'm up too late. :-)
> |
> | Correct :) Your rules have two filter statements, it's only the
> |
> | filter(host1);
> |
> | and not the filter(DEFAULT); which is causing any action.