[syslog-ng]Why does this not work in 1.6.x?
t_esting@excite.com
syslog-ng@lists.balabit.hu
Mon, 8 Nov 2004 14:28:23 -0500 (EST)
Hello, syslog-ng gurus. I have a question about a config that works for me in 1.5.26 but not in 1.6.x (up to 1.6.5/libol 0.3.14). Here are (what I hope are) the pertinent bits:
source s_udp { udp( port(514) ); };
filter f_fwsm_block {
match(" \%FWSM-") and
not match(": (Teardown|Translation|Built)");
};
filter f_fwsm_misc {
match(" \%FWSM-") and
match(": (Teardown|Translation|Built)");
};
log { source(s_udp); filter(f_fwsm_misc);
destination(d_ipfilters_bymin); };
log { source(s_udp); filter(f_fwsm_block);
destination(d_ipmon); };
## fallthrough
log { destination(d_messages); flags(fallback, catchall); };
With syslog-ng 1.5.26, messages matching "%FWSM-Teardown", etc., are written (correctly) to the d_ipmon destination. With syslog-ng 1.6.x, they drop through to d_messages. Can anyone on the list please help me decipher what changes I might need to make to my config (either compiling syslog-ng itself or to my syslog-ng.conf file) to make my logs write to the same place once I upgrade?
Thanks in advance.
t_esting@excite.com
_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!