[syslog-ng] Multiple criteria per filter and hostnames?

Balazs Scheidler bazsi@balabit.hu
Mon, 10 Jul 2000 10:22:07 +0200

> I have been testing both nsyslog and syslog-ng recently (after discovering
> syslog-ng is based on nsyslog). One thing I have noticed while testing
> syslog-ng 1.4.4, is that it doesn't appear to allow filters such as:
> filter myfilter { facility(auth); host(system); };
> which were valid in nsyslog. 

syslog-ng uses a boolean expression in filter statements like this:

filter myfilter { facility(auth) and host(system); };

> In addition, nsyslog appeared to support reverse
> lookups of the source ip, to resolve into fqdn. 

try the use-fqdn(yes) option in options().

options { use-fqdn(yes); };

> So a message received by nsyslog from host "blah1" would appear in logs as
> "blah1.mydomain.com". Whereas in syslog-ng it would appear as "blah1" OR with
> the long_hostnames(yes) option, would log the hostname as "blah1/blah1". 
> Questions:
> 1. Is it possible to specify multiple criteria per filter?
> 2. Is it possible to enable reverse lookups and log hostname in fqdn?

see above.

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt