[syslog-ng]filter problem: level()
Balazs Scheidler
bazsi@balabit.hu
Thu, 11 Oct 2001 20:14:17 +0200
On Wed, Sep 05, 2001 at 12:51:03AM -0500, Michael D. (Mick) Bauer wrote:
> Hi, all.
>
> I've got a puzzling problem (to me ;-) with the level() function in my
> syslog-ng.conf file. I'm using a filter whose sole criterion is
> level(debug .. alert); as a sort of "catch-all" filter. But if I send
> syslog-ng eight messages, each with a different priority (i.e., one of
> each level), only the ones with levels "crit," "alert," and "emerg" get
> logged. But wait! Those "emerg" messages shouldn't be making it past the
> filter! What *on earth* is going on here?
Sorry that I react on this message so late, I just discovered that I did not
read your message until now.
I was trying to reproduce the problem you mentioned, without success. What
platform are you trying to run syslog-ng on?
My tests:
for i in debug info notice warning err crit alert emerg; do logger -u log -p auth.$i "prio: $i"; done
syslog-ng.conf:
balabit:~/src/syslog-ng-1.5/src$ cat syslog-ng.conf
options { sync(0); time_reap(1); stats(10); log_fifo_size(10000); };
source src { unix-stream("log"); tcp(port(1999)); internal(); };
destination d_file { file("logfile"); };
filter f_lev { level(info .. alert); };
log { source(src); filter(f_lev); destination(d_file); };
result logfile:
Oct 11 20:11:01 src@balabit <someone>: prio: info
Oct 11 20:11:01 src@balabit <someone>: prio: notice
Oct 11 20:11:01 src@balabit <someone>: prio: warning
Oct 11 20:11:01 src@balabit <someone>: prio: err
Oct 11 20:11:01 src@balabit <someone>: prio: crit
Oct 11 20:11:01 src@balabit <someone>: prio: alert
so debug and emerg were correctly filtered out, while everything else is
added as it should.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1