[syslog-ng] Problems with Regexp Matching

Brian E. Seppanen seppy@chartermi.net
Wed, 29 Jan 2003 09:22:25 -0500 (EST)


Hi Folks:

I have a bunch of Cisco routers that are all configured on the routers
themselves to log at facility local0, and to send their logs to one host
(well, a couple of hosts similarly configured, actually).  I have the
following filter for syslog:
filter f_syslog         { not facility(auth, authpriv, local0, local1, mail) and level(debug..notice) and not match("nsca");};

I've likewise tried it as
filter f_syslog         { not facility(auth, authpriv, mail) and level(debug..notice) and not match("nsca");};

I then have a bunch of host filters that are supposed to filter router
logs:

filter hostA { facility(local0) and host("192.168.0.1");};

Unfortunately, the logs are getting into syslog, I assume because they fall
within the proper level, but why is the facility not preventing that?
The same thing is happening with snmptraps, which are received at local1.

I'd appreciate any insights.  syslog-ng 1.4.16 on Red Hat Linux 7.2 and
7.3.

Are there any general rules to follow when constructing filters???   

Thanks,

Brian Seppanen
seppy@chartermi.net
906-228-4226 ext 23