[syslog-ng]filter question: already matched
James Hamilton
jamesh@swcp.com
Fri, 18 May 2001 12:08:04 -0600
And yes the destination and filter is set correctly in my rules. I just did a poor copy and paste job in my email :-)
On Fri, May 18, 2001 at 11:42:16AM -0600, James Hamilton wrote:
>
> Hi, I'm having some trouble setting up a filter. In plain english the rule would read something like below, any suggestions?
>
> Match everything for this host except things that have already been matched for this host then drop them into a messages file.
>
> ##
> ## hosts messages log
> ##
> destination d_messages {
> file("/var/log/$MONTH/$HOST/$HOST_messages.$MONTH-$DAY-$YEAR"
> owner(root)
> group(staff)
> perm(0640)
> dir_perm(0750)
> create_dirs(yes));
> };
>
> filter f_messages {
> (filter(DEFAULT) and host("somehostname"));
> };
>
> log {
> source(root);
> filter(f_cron);
^^^^^^^^^^^^^^^^^^^^
> destination(d_cron);
^^^^^^^^^^^^^^^^^^^^
> };
>
>
> --
>
> James Hamilton
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
--
James Hamilton