[syslog-ng]not match()

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Sun, 8 Aug 2004 22:19:01 +0100


# $Xanthus: syslog-ng.conf,v 1.1 2004/07/27 02:56:44 markzero Exp $
# syslog-ng config
#

# Global defaults inherited by every source and destination in this file.
options {
	# Hostname handling: chained hostnames off, and no DNS lookups while
	# processing messages.
	long_hostnames(off);
	use_dns(no);

	# Log files are created owned by the _syslogng account and are readable
	# and writable by that account only (no group or world access).
	owner(_syslogng);
	group(_syslogng);
	perm(0600);

	# Missing destination directories are created on demand, with the same
	# ownership and no access for group or others.
	create_dirs(yes);
	dir_owner(_syslogng);
	dir_group(_syslogng);
	dir_perm(0700);

	# sync(0): presumably "do not buffer lines before writing to the file";
	# confirm against the documentation of the installed syslog-ng version.
	sync(0);
};

# Local message intake: the only source defined in this file.
source src {
	# Messages generated by syslog-ng itself (presumably including the
	# periodic "STATS: dropped N" line that f_no_stats filters on).
	internal();

	# Local syslog socket, owned by _syslogng with mode 0600.
	# NOTE(review): with 0600 only the owner (and root) has write access to
	# the socket, so programs running under other accounts may be unable to
	# log through /dev/log; confirm that this is intended.
	unix-dgram("/dev/log" owner("_syslogng") group("_syslogng") perm(0600));
};


# File destinations. Ownership and mode come from the global options block
# (owner/group _syslogng, perm 0600); none is overridden per destination.

# One file per facility.
destination authlog    { file("/var/log/auth.log"); };
destination syslog     { file("/var/log/syslog"); };
destination cron       { file("/var/log/cron.log"); };
destination daemon     { file("/var/log/daemon.log"); };
destination kern       { file("/var/log/kern.log"); };
destination lpr        { file("/var/log/lpr.log"); };
destination user       { file("/var/log/user.log"); };
destination uucp       { file("/var/log/uucp.log"); };
destination mail       { file("/var/log/mail.log"); };

# Mail, split by level.
destination mailinfo   { file("/var/log/mail.info"); };
destination mailwarn   { file("/var/log/mail.warn"); };
destination mailerr    { file("/var/log/mail.err"); };

# News, split by level. The news/ subdirectory relies on create_dirs(yes).
destination newscrit   { file("/var/log/news/news.crit"); };
destination newserr    { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };

# Catch-all files.
destination debug      { file("/var/log/debug"); };
destination messages   { file("/var/log/messages"); };

# Disabled destinations. No active destination writes to a terminal or to the
# network. If the UDP loghost is ever enabled, note that plain UDP syslog is
# unauthenticated and unencrypted, and that port 999 is not the standard
# syslog port (514).
#destination console { usertty("root"); };
#destination console_all { file("/dev/tty12"); };
#destination loghost { udp("loghost" port(999)); };

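# Facility filters.
# f_auth is defined but not referenced by any log statement in this file;
# auth.log is fed through f_authpriv, which covers both auth and authpriv.
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
# NOTE(review): f_syslog excludes authpriv and mail but not auth, so
# auth-facility messages are also written to /var/log/syslog.
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
# Fixed: this filter previously selected facility(cron), which sent cron
# messages to uucp.log and never matched uucp messages.
filter f_uucp { facility(uucp); };
filter f_news { facility(news); };
# f_debug has no level restriction: every level of every facility other than
# auth, authpriv, news and mail passes.
filter f_debug { not facility(auth, authpriv, news, mail); };
# f_messages: levels info through warn, excluding auth, authpriv, mail, news.
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news); };
# Only used by the commented-out console log path.
filter f_emergency { level(emerg); };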

# Single-level filters, combined with f_mail / f_news in the log paths to
# split those facilities into per-level files.
filter f_info   { level(info); };
filter f_notice { level(notice); };
filter f_warn   { level(warn); };
filter f_crit   { level(crit); };
filter f_err    { level(err); };

# Suppress the statistics line when nothing was dropped. A non-zero drop
# count such as "STATS: dropped 3" does not match and is still logged, which
# keeps message loss visible.
# The match is on message text only, so an unrelated message containing the
# same text is suppressed too, on every log path including auth.log.
# NOTE(review): consider also restricting by program() so that only
# syslog-ng's own line is filtered.
# A filter only affects the log statements that reference it. All active
# destinations are files, so it cannot suppress text that reaches a terminal
# by some other route.
filter f_no_stats { not match("STATS: dropped 0"); };

# Log paths. Each path reads from src, applies its filters in sequence (a
# message must pass all of them) and writes to one file destination.
# No path sets any flags, so a message matching several paths is written to
# several files (for example a cron message goes to cron.log, syslog and
# debug). f_no_stats is applied on every active path.
log { source(src); filter(f_authpriv); filter(f_no_stats); destination(authlog); };
log { source(src); filter(f_syslog); filter(f_no_stats); destination(syslog); };
log { source(src); filter(f_cron); filter(f_no_stats); destination(cron); };
log { source(src); filter(f_daemon); filter(f_no_stats); destination(daemon); };
log { source(src); filter(f_kern); filter(f_no_stats); destination(kern); };
log { source(src); filter(f_lpr); filter(f_no_stats); destination(lpr); };
log { source(src); filter(f_mail); filter(f_no_stats); destination(mail); };
log { source(src); filter(f_user); filter(f_no_stats); destination(user); };
log { source(src); filter(f_uucp); filter(f_no_stats); destination(uucp); };
# Mail and news split by exact level (each level filter matches one level
# only, not "that level and above").
log { source(src); filter(f_mail); filter(f_no_stats); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_no_stats); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_no_stats); filter(f_err); destination(mailerr); };
log { source(src); filter(f_news); filter(f_no_stats); filter(f_crit); destination(newscrit); };
log { source(src); filter(f_news); filter(f_no_stats); filter(f_err); destination(newserr); };
log { source(src); filter(f_news); filter(f_no_stats); filter(f_notice); destination(newsnotice); };
# Catch-all files.
log { source(src); filter(f_debug); filter(f_no_stats); destination(debug); };
log { source(src); filter(f_messages); filter(f_no_stats); destination(messages); };
# Disabled: the only paths that would write to a terminal. Their destinations
# (console, console_all) are commented out as well.
#log { source(src); filter(f_emergency); filter(f_no_stats); destination(console); };
#log { source(src); destination(console_all); };

Now, let me draw your attention to this line:

not match("STATS: dropped 0");

For some reason, I repeatedly get this popping up on the command line:

bash-2.05b# STATS: dropped 0

..when either logged in as root or using su.

This doesn't make sense to me: not only is the filter apparently not working, but the lines that log to root's tty are commented out! Has anyone had a similar problem?

I checked the list archives first, and found a few vague examples of this, but
nothing quite the same...

mark