[syslog-ng]filtering programs and subprograms
Gregor Binder
gb@rootnexus.net
Sat, 6 Oct 2001 13:56:46 +0200
Baltasar Cevc on Sat, Oct 06, 2001 at 01:06:32PM +0200:
Baltasar,
> Now I wonder if there is any possibility to filter the program name and the
> next field (e.g. "kernel" and is "IN="). I need this in order to separate
> the packet filter logs from the other kernel stuff.
I am not aware of any way to explicitely specify the second field, but
try something like this:
destination d_pcktfltr { file ("/log/filter.log.$YEAR$MONTH$DAY"); };
filter f_pcktfltr { facility(kern) and match("Packet log:"); };
log { source(XYZ); filter(f_pcktfltr); destination(d_pcktfltr); };
Regards,
--
____ ____
/ _/| - > Gregor Binder <gb@(rootnexus.net|sysfive.com)>
| / || _\ \
\__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B