[syslog-ng]Eliminating certain keyword from the "all" directi ve?
Balazs Scheidler
bazsi@balabit.hu
Wed, 25 Jul 2001 10:27:49 +0200
On Wed, Jul 25, 2001 at 08:14:15AM +0200, Hamilton, Andrew Mr RAYTHEON 5 SIG CMD wrote:
> Stephen,
>
> Oh, then set up a filter:
>
> filter f_all_others { not facility(mail); };
>
> Is this what you are looking for? This will get everything except the mail
> facility. Then you set whatever destinations you like.
there should be a newer way of doing the same in 1.5.x:
filter f_mail { ... };
log { source(src); filter(f_mail); destination(d_mail); final; };
log { source(src); destination(all); };
so everything matching f_mail goes to d_mail and processing stops
afterwards.
This feature is experimental, and the syntax might change in the future.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1