[syslog-ng]Filter oddity

Chris Wall cwall@interaccess.com
Mon, 7 May 2001 15:50:19 -0500 (CDT)


Apologies if this has been covered...

I'm trying to fine tune my filtering in syslog-ng combined with some
features of 2.4.x iptables/netfilter and portsentry

What want to do is log information coming from the log rule in iptables to
a specific file without it falling over into my other logs. The default
syslog-ng.conf came with this filter:

filter f_filter2     { level(info) or facility(mail) or
                     facility(authpriv);  };

And I've added this filter:

filter f_iptables    { level(info) and match(portsentry); };

What I would like to do is use a "not" in the first filter - i.e.

filter f_filter2 { level(info) or facility(mail) or facility(authpriv)
	not match(portsentry); };

however, I get a parse error. I'm using 1.4.11... if I understand the docs
right, this ought to be okay, but I'm sure I'm missing something.

Any help would be appreciated.