Im sorry Im writing direct to you but the list is not working Re: [syslog-ng]filtering with regexp

Balazs Scheidler bazsi@balabit.hu
Tue, 23 Apr 2002 12:16:02 +0200 

On Mon, Apr 22, 2002 at 12:02:05PM -0700, mar tin wrote:
> Im sorry Im writing direct to you but the list is not
> working.. I get all the messages back!
> 
> now I've the lines duplicated:
> I have them in auth.log and cron.log!
> how can I tell syslog to put them only in cron.log?

syslog-ng forwards messages to all matching destinations. you have two
options to change this behaviour:
* use filters that match only the lines you are interested in
* use the flags(fallback) feature of syslog-ng 1.5.x

> 
> --- Balazs Scheidler <bazsi@balabit.hu> wrote:
> > On Thu, Apr 18, 2002 at 01:06:32PM -0700, mar tin
> > wrote:
> > > Hello :)
> > > When cron runs, it sends the following lines
> > > Apr 18 16:50:01 martinII PAM_unix[26181]: (cron)
> > > session opened for user smmsp by (uid=0)
> > > Apr 18 16:50:01 martinII PAM_unix[26182]: (cron)
> > > session opened for user runa by (uid=0)
> > > Apr 18 16:50:01 martinII PAM_unix[26183]: (cron)
> > > session opened for user runa by (uid=0)
> > > Apr 18 16:50:02 martinII PAM_unix[26181]: (cron)
> > > session closed for user smmsp
> > > Apr 18 16:50:25 martinII PAM_unix[26183]: (cron)
> > > session closed for user runa
> > > Apr 18 16:50:27 martinII PAM_unix[26182]: (cron)
> > > session closed for user runa
> > > 
> > > I want to filter those lines and send them to
> > other
> > > files, so I did:
> > > 
> > > filter f_cron2{match("(cron) session opened");};
> > > log { source(src); filter(f_cron2);
> > > destination(cron);};
> > > 
> > > but it sends the lines to auth.log!
> > > 
> > > what am I doing wrong?
> > 
> > match() expects an extended regular expression, thus
> > '(' and ')' are
> > interpreted as special characters. You need to
> > escape them via '\', but as
> > this is the escape character in the string, you need
> > to double the backslash
> > like:
> > 
> > match("\\(cron\\) session opened")
> > 
> > -- 
> > Bazsi
> > PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C
> > 0944 9CFD 804E C82C 8EB1
> > 
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Games - play chess, backgammon, pool and more
> http://games.yahoo.com/

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1