[syslog-ng]Filter oddity
Chris Wall
cwall@interaccess.com
Mon, 7 May 2001 15:50:19 -0500 (CDT)
Apologies if this has been covered...
I'm trying to fine tune my filtering in syslog-ng combined with some
features of 2.4.x iptables/netfilter and portsentry
What want to do is log information coming from the log rule in iptables to
a specific file without it falling over into my other logs. The default
syslog-ng.conf came with this filter:
filter f_filter2 { level(info) or facility(mail) or
facility(authpriv); };
And I've added this filter:
filter f_iptables { level(info) and match(portsentry); };
What I would like to do is use a "not" in the first filter - i.e.
filter f_filter2 { level(info) or facility(mail) or facility(authpriv)
not match(portsentry); };
however, I get a parse error. I'm using 1.4.11... if I understand the docs
right, this ought to be okay, but I'm sure I'm missing something.
Any help would be appreciated.