[syslog-ng]no match() statement

death die solarissparc@hotmail.com
Fri, 02 Mar 2001 16:41:08 -0500


For some reason, for the sonicwall lines, the "sonicwall" line doesn't seem to 
filter out messages that have proto=http even though I specify "not match".




# Local source: the Solaris STREAMS log device with its door file, plus
# syslog-ng's own internal() messages.
source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal 
(); };
# Network source: accepts syslog over both UDP and TCP on port 514, bound to
# 0.0.0.0 (every local address). Nothing in this file limits which senders
# may reach these listeners, so any restriction has to come from a packet
# filter in front of the host -- NOTE(review): confirm one is in place.
source network { udp(ip(0.0.0.0) port(514)); tcp(ip(0.0.0.0) port(514));};


# Destinations: named sinks that the log statements below refer to.
# file() appends to the given path; usertty() writes to the terminal of the
# named logged-in user.
destination messages { file("/var/adm/messages"); };
# Catch-all file for network messages that no other log statement routed.
destination non-catch { file("/var/syslog/non-catch"); };
# Not referenced by any log statement shown in this post.
destination console { usertty("root"); };
destination auth { file("/var/log/authlog"); };
# Despite the name, this destination writes to /var/log/syslog.
destination mail { file("/var/log/syslog"); };
# Not referenced by any log statement shown in this post.
destination debug { file("/var/log/debug"); };
# usertty("*") targets every logged-in user; also not referenced below.
destination console_all { usertty("*"); };
# Firewall logs, split by the two sonicwall filters.
# NOTE(review): these files can carry internal addresses and URLs; check the
# ownership and mode of /var/syslog.
destination sonicwall { file("/var/syslog/sonicwall"); };
destination sonicwall-www { file("/var/syslog/sonicwall-www"); };



# The two sonicwall filters are written as complements: same host() test,
# with match("proto=http") negated in the first and plain in the second.
# The post reports that the negated form still lets proto=http lines
# through; the cause is not visible in this configuration.
# host() and match() take regular expressions, so "sonicwall" matches any
# recorded host name containing that string and "proto=http" also matches
# text such as "proto=https" -- anchor the patterns if that is not intended.
# NOTE(review): host() tests the host name recorded for the message;
# presumably a sender reaching the open network source can choose that name,
# so it identifies the firewall only as far as senders are restricted --
# confirm how host names are derived in this setup.
filter f_sonicwall { host("sonicwall") and not match("proto=http");  };
filter f_sonicwall-www { host("sonicwall") and match("proto=http");  };
filter f_auth { facility(auth); };
# Matches every facility except mail, which includes auth, daemon and kern.
filter f_syslog { not facility( mail); };
# Not referenced by any log statement shown in this post.
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };


# Log paths: each statement connects a source, a filter and a destination.
# Network messages from the firewall: proto=http lines go to sonicwall-www,
# the rest are meant to go to sonicwall.
log { source(network); filter(f_sonicwall-www); destination(sonicwall-www); 
};
log { source(network); filter(f_sonicwall); destination(sonicwall); };
# Local messages. f_syslog (everything except mail) already covers auth,
# daemon and kern, so -- presumably, since no statement here stops further
# processing -- daemon and kern messages reach /var/adm/messages twice and
# auth messages land in both authlog and messages. Verify on the host.
log { source(local); filter(f_auth); destination(auth); };
log { source(local); filter(f_syslog); destination(messages); };
log { source(local); filter(f_daemon); destination(messages); };
log { source(local); filter(f_kern); destination(messages); };
log { source(local); filter(f_mail); destination(mail); };
# DEFAULT is not defined in this file; in syslog-ng 1.4.x it is presumably
# the built-in filter for messages no other log statement matched -- verify
# against the version in use.
# NOTE(review): as posted, this statement is missing its closing "};".
log { source(network); filter(DEFAULT); destination(non-catch);
