[syslog-ng] Ignoring previously handled/filtered messages
Balazs Scheidler
bazsi@balabit.hu
Fri, 26 May 2000 10:27:22 +0200
> >
> > I did try doing this for the daemon filter:
> >
> > filter f_daemon { facility(daemon)
> > and not filter(f_ftpd)
> > and not filter(f_named); };
> >
> > ...but this does not work. I still get the ftpd and named messages in
> > daemonlog (as well as ftpdlog and namedlog). This is exactly what Un
> L'Unique
> > experienced last month when he said that the "not filter" did not appear
> to be
> > working for him. I get the same behavior -- it does not work for me. This
> is,
First of all, I tried this, and it DID work, at least for my local source
tree. Maybe I've commited a fix sometimes and didn't release it?
Here's the configuration I tried:
options { keep_hostname(yes); };
source src { unix-stream("proba2"); internal(); };
destination ftpd { file("ftplog"); };
destination named { file("namedlog"); };
destination daemon { file("daemonlog"); };
filter f_ftpd { match("ftp"); };
filter f_named { match("named"); };
filter f_daemon { facility(daemon)
and not filter(f_ftpd)
and not filter(f_named); };
log { source(src); filter(f_ftpd); destination(ftpd); };
log { source(src); filter(f_named); destination(named); };
log { source(src); filter(f_daemon); destination(daemon); };
And the lines I logged:
balabit:~/src/syslog-ng-1.4/src$ logger -u proba2 -p daemon.info "ftp"
balabit:~/src/syslog-ng-1.4/src$ logger -u proba2 -p daemon.info "named"
balabit:~/src/syslog-ng-1.4/src$ logger -u proba2 -p daemon.info "qqq"
All of them went to the desired location. I'll go on and test the DEFAULT
filter.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt