[syslog-ng]combining filters : completely broken ?
Samuel Krempp
Samuel.Krempp@crans.ens-cachan.fr
Sat, 27 Jan 2001 13:32:03 +0100 (CET)
Okay, I've already posted a message about the bad behaviour of ORing
filters on my debian (and got no response, perhaps I should have
restrained pine from sending attachments vith MIME, but well.)
I realise now that combining filters like this :
destination newsnotice { file("/var/log/news/news.notice" owner("news")
group("adm") perm(0640)); };
filter f_news { facility(news); };
filter f_notice { level(notice); };
log { source(src); filter(f_news); filter(f_notice);
destination(newsnotice); };
will also break syslog (news.notice, suddenly, becomes very quite.. not
growing at all.. strangely I suspect syslog-ng)
I think combining filters wihtin syslog is broken, at least on my
plaform, but not only.
In a previous message, by michael.senn@cmg.nl, I read this :
"""
I have done some very basic testing with the not filter and suggest that
you
try spliting the not into it's own filter then combine them in the log
statement as follows.
It works for me with matching in an error message.
"""
Now, is there any good reason to accept this specificity about the
'not' from syslog-ng ?
isnt this rather a sign that syslog-ng is broken when it comes to
combining filters ??
I liked syslog-ng very well, but if filters cant be combined properly,
it's much less useful..
aren't those a trivial thing to fix ??
or maybe syslog-ng depends on something for combining filters, and this
'something' is not really the same across different distribs ??
--
Samuel