[syslog-ng]Filter Problem

Michael Senn michael.senn@cmg.nl
Fri, 26 Jan 2001 17:07:48 +0100


I am guessing from your email that all of the or's in the filter work correctly
and it is just the 'not facility(local7)' that is the problem area.

I have done some very basic testing with the not filter and suggest that you
try splitting the not into its own filter, then combine them in the log
statement as follows.
It works for me with matching in an error message.


>My intent with the following filter, etc. is to exclude messages coming in 
>from facility local7 from being logged to /var/adm/messages. It does not 
>seem to work as those messages are making it there. Can anyone spot what 
>might be wrong with the filter/destination/log stanza(s)?

>filter f_var_adm { level(emerg,alert,crit,err)
>                      or ( facility(kern) and level(debug) )
>                      or ( facility(daemon) and level(notice) )
>                      or ( facility(local2) and level(notice) )
>                      or ( facility(auth) and level(notice,info) )
>                      or ( facility(mail) and level(crit) ) ; };

filter not_local7 { not facility(local7) ; };

>destination d_var_adm { file("/var/adm/messages"); };

># Log all messages conforming to the f_var_adm filter to /var/adm/messages
>log { source(stdlog);

        filter(not_local7);

>       filter(f_var_adm);
>       destination(d_var_adm);
>     };


_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng