[syslog-ng]RE: Filter Question.

Kevin Welch kevinw@iserv.net
Thu, 4 Apr 2002 03:06:55 -0500


I fixed it.... after I found the link to the archives, I managed to figure
out that the ; makes a big difference.

-- Kevin

-----Original Message-----
From: Kevin Welch 
Sent: Thursday, April 04, 2002 2:57 AM
To: 'syslog-ng@lists.balabit.hu'
Subject: Filter Question.



I'm trying to set up a filter as follows:

filter f_terse  {  facility(local7); and
match("%CALLRECORD-3-MICA_TERSE_CALL_REC"); };

filter f_notterse  { facility(local7); and not
match("%CALLRECORD-3-MICA_TERSE_CALL_REC"); };

Now my problem is that this doesn't work and kicks back an error, it seems I
cannot use the match keyword and define other parameters.  Is this correct
or do I have the syntax messed up?

My reason for needing this is that terse call records from my dial
systems take over 10000 calls a day and generate a lot of syslog information,
I need a way to filter these to a different logfile from other syslog
events.

Thanks

-- Kevin
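
Added example, not part of the original messages: in syslog-ng a filter body is one boolean expression ended by a single semicolon, so the ";" after facility(local7) in the filters quoted above closes the expression before "and" is reached. The configuration below shows both filters with that semicolon removed and wired to separate log files; the source and destination names, the UDP listener and the file paths are assumptions.

```conf
# Added example. s_net, d_terse, d_notterse and the file paths are
# hypothetical names chosen for illustration.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One boolean expression per filter, closed by a single ';' before the '}'.
filter f_terse {
    facility(local7) and match("%CALLRECORD-3-MICA_TERSE_CALL_REC");
};

filter f_notterse {
    facility(local7) and not match("%CALLRECORD-3-MICA_TERSE_CALL_REC");
};

# Terse call records go to their own file; everything else on local7
# goes to a second file.
destination d_terse    { file("/var/log/terse_calls.log"); };
destination d_notterse { file("/var/log/local7.log"); };

log { source(s_net); filter(f_terse);    destination(d_terse); };
log { source(s_net); filter(f_notterse); destination(d_notterse); };
```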
