[syslog-ng] Ignoring previously handled/filtered messages
Dan Rich
drich@employees.org
Wed, 31 May 2000 16:14:15 -0700 (PDT)
On Sat, 27 May 2000, Balazs Scheidler wrote:
> > > log { source(src); filter(f_daemon); filter(DEFAULT); destination(daemon); };
> > Do multiple filters on a log line treated as "OR" or as "AND" filters?
> > Meaning does it only log where the messages passes both filters? Or where it
> > passes either filter listed? If it does an "AND" and it must pass both
> > filters, then you are correct and this will do exactly what I desire. Thanks!
>
> They are ANDed. I've written a paragraph about log path evaluation in the
> documentation.
This doesn't seem to be true of the DEFAULT filter. I just tried the
following (this is my first log directive):
destination named { file("/var/log/named.log"); };
filter f_named { program("named"); };
log { source("src");
filter("f_named");
filter(DEFAULT);
destination("named"); };
and found the following in named.log
May 31 16:07:29 src@morpheus syslog-ng[332]: syslog-ng version 1.4.4 starting
May 31 16:07:29 src@morpheus syslog: syslogd startup succeeded
I'd really like the DEFAULT rule to work this way, it would be perfect for
limiting some log files to unique messages and others to
containing everything.
--
Dan Rich <drich@employees.org> | http://www.employees.org/~drich/
| "Danger, you haven't seen the last of me!"
| "No, but the first of you turns my stomach!"
| -- The Firesign Theatre's Nick Danger