[syslog-ng]Filter oddity

Hamilton, Andrew Mr RAYTHEON 5 SIG CMD HamiltonA@hq.5sigcmd.army.mil
Tue, 8 May 2001 08:20:20 +0200


You are missing the "and" between authpriv and not.


-----Original Message-----
From: Chris Wall [mailto:cwall@interaccess.com]
Sent: Monday, May 07, 2001 10:50 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Filter oddity

Apologies if this has been covered...

I'm trying to fine tune my filtering in syslog-ng combined with some
features of 2.4.x iptables/netfilter and portsentry

What want to do is log information coming from the log rule in iptables to
a specific file without it falling over into my other logs. The default
syslog-ng.conf came with this filter:

filter f_filter2     { level(info) or facility(mail) or
                     facility(authpriv);  };

And I've added this filter:

filter f_iptables    { level(info) and match(portsentry); };

What I would like to do is use a "not" in the first filter - i.e.

filter f_filter2 { level(info) or facility(mail) or facility(authpriv)
	not match(portsentry); };

however, I get a parse error. I'm using 1.4.11... if I understand the docs
right, this ought to be okay, but I'm sure I'm missing something.

Any help would be appreciated.

syslog-ng maillist  -  syslog-ng@lists.balabit.hu