[syslog-ng]Supressing messages...
Nate Campi
nate@campin.net
Wed, 21 Aug 2002 13:11:26 -0700
> -----Original Message-----
> From: bhartin@straus-frank.com [mailto:bhartin@straus-frank.com]=20
> Sent: Wednesday, August 21, 2002 15:25 PM
> To: syslog-ng@lists.balabit.hu
> Subject: [syslog-ng]Supressing messages...
>=20
>=20
> I'm running syslog-ng-1.4.14-0. Long story short, I want to supress the
> logging of "VFS: Disk change detected..." messages that plague RH 7.1
> installs using KDE w/autorun on CDs. Updating syslog-ng versions isn't
> happening anytime soon unless it is the only way to do so.
>=20
> What can I do to supress any and all logging of just this message, without
> affecting anything else in that group (kern.* or wherever it's at)?
>=20
> I'm sure newer versions have a working text based filter or such, but I'm
> pressed for time =3D(.
>=20
> Thanks for any help anyone can provide,
Hmm, after googling for "syslog-ng stop processing" I found:
http://citadelle.intrinsec.com/mailing/current/HTML/ml_syslogng/0194.html
Using negative filters on each entry could do it, but would need an
entry in each log line:
filter f_not_vfs { not match("VFS: Disk change detected");=20
};
log { source(src); filter(f_kern); filter(f_not_vfs); destination(messages=
); };
The other way is the "final" flag with 1.5.x. I haven't tested this but
it should work:
destination dev_null { file("/dev/null"); };
filter f_vfs { match("VFS: Disk change detected"); };
log { source(src); filter(f_vfs); destination(dev_null); flags(final); };
Let us know how it works out.
--=20
ASCII and ye shall receive.=20