[syslog-ng]filter question: already matched

Hamilton, Andrew Mr RAYTHEON 5 SIG CMD HamiltonA@hq.5sigcmd.army.mil
Mon, 21 May 2001 07:16:51 +0200


James,

Well, I'm not sure if you are still making an error in your cut and paste,
but the destination and filter you put in the message don't match your log
line.  You mention that they are set correctly but you didn't post the
correct one.  Not sure we can help without the correct line.  The idea you
put forth is sound and should work with what you have.  What exactly is
happening?  Is it not logging?  As a first look, take off the hostname part
of the filter to see what you are getting in the DEFAULT filter.  I do this
on occasion and sometimes it will surprise you that you aren't getting what
you expect.

Regards,
Drew

-----Original Message-----
From: James Hamilton [mailto:jamesh@swcp.com]
Sent: Friday, May 18, 2001 8:08 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]filter question: already matched



And yes, the destination and filter are set correctly in my rules.  I just did
a poor copy and paste job in my email :-)

On Fri, May 18, 2001 at 11:42:16AM -0600, James Hamilton wrote:
> 
> Hi, I'm having some trouble setting up a filter.  In plain English the
> rule would read something like below, any suggestions?
> 
> Match everything for this host except things that have already been
> matched for this host then drop them into a messages file.
> 
> ##
> ##      hosts messages log
> ##
> destination d_messages {
>         file("/var/log/$MONTH/$HOST/$HOST_messages.$MONTH-$DAY-$YEAR"
>         owner(root)
>         group(staff)
>         perm(0640)
>         dir_perm(0750)
>         create_dirs(yes));
> };
> 
> filter f_messages {
> 	(filter(DEFAULT) and host("somehostname"));
> };
> 
> log {
>         source(root);
>         filter(f_cron);
	^^^^^^^^^^^^^^^^^^^^
>         destination(d_cron);
	^^^^^^^^^^^^^^^^^^^^
> };
> 
> 
> -- 
> 
> James Hamilton
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng

--

James Hamilton
