[syslog-ng]Re: desperatly need your help

Balazs Scheidler bazsi@balabit.hu
Wed, 21 Mar 2001 16:48:09 +0100


On Wed, Mar 21, 2001 at 03:31:16PM +0100, Mariusz Bogumil wrote:
> I think that I really desperately need your help. I have tested all
> possible configurations and I still cannot filter messages from snort
> from my /var/log/messages and I start thinking that such a configuration
> is impossible. Please tell me what I am doing wrong.
> 
> To this mail I attach my syslog-ng.conf - with only the lines that
> describe my problem, and the complete config too.
> 
> I run it on Sparc Solaris 7

I tried the following configuration:

source src { unix-stream("log"); internal(); };

destination d1 { file("d1"); };
destination d2 { file("d2"); };
destination d3 { file("d3"); };

filter fn_snort         { not match("snort"); };
filter f_snort          { match("snort"); }; # it works

log { source(src); filter(fn_snort); destination(d1); };
log { source(src); filter(f_snort); destination(d2); };
log { source(src); destination(d3); };

and I sent the following log messages:

logger -u log "valami" 
logger -u log -t snort hallo

It correctly sent messages to their appropriate destinations. I suspect a bug
in either Solaris or in Solaris/syslog-ng interoperation. Could anybody
check this?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1