[syslog-ng]Filter oddity
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
HamiltonA@hq.5sigcmd.army.mil
Tue, 8 May 2001 08:20:20 +0200
Chris,
You are missing the "and" between authpriv and not.
Regards,
Drew
-----Original Message-----
From: Chris Wall [mailto:cwall@interaccess.com]
Sent: Monday, May 07, 2001 10:50 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Filter oddity
Apologies if this has been covered...
I'm trying to fine-tune my filtering in syslog-ng combined with some
features of 2.4.x iptables/netfilter and portsentry.
What I want to do is log information coming from the log rule in iptables to
a specific file without it falling over into my other logs. The default
syslog-ng.conf came with this filter:
filter f_filter2 { level(info) or facility(mail) or
facility(authpriv); };
And I've added this filter:
filter f_iptables { level(info) and match(portsentry); };
What I would like to do is use a "not" in the first filter - i.e.
filter f_filter2 { level(info) or facility(mail) or facility(authpriv)
not match(portsentry); };
however, I get a parse error. I'm using 1.4.11... if I understand the docs
right, this ought to be okay, but I'm sure I'm missing something.
Any help would be appreciated.
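An added example, not part of the original messages: the two filters from the thread wired into log statements, with the exclusion written as `and not` and explicit parentheses so that it applies to the whole `or` group rather than depending on operator precedence. The source and destination names, the file paths, and the quoting of the match pattern are assumptions.

```conf
# Added example; names and file paths below are assumptions, not from the thread.
source src { unix-stream("/dev/log"); internal(); };

destination d_iptables { file("/var/log/iptables.log"); };
destination d_messages { file("/var/log/messages"); };

# Messages the thread wants kept in their own file.
filter f_iptables { level(info) and match("portsentry"); };

# The default filter from the thread, minus anything matching portsentry.
# The parentheses group the "or" terms before the exclusion is applied.
filter f_filter2 {
    (level(info) or facility(mail) or facility(authpriv))
    and not match("portsentry");
};

log { source(src); filter(f_iptables); destination(d_iptables); };
log { source(src); filter(f_filter2); destination(d_messages); };
```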