[syslog-ng]How do I discard a message with syslog-ng?
Nate Campi
syslog-ng@lists.balabit.hu
Wed, 10 Nov 2004 11:43:49 -0800
On Wed, Nov 10, 2004 at 12:14:44PM -0500, Ed Ravin wrote:
> In spite of the "flags(final)" in the log path, the unanted message still
> shows up in my other log paths. Have I misunderstood how to use "final"?
> Is there some other way to discard a message?
I don't know that I've ever had much luck with final either, I just
don't log what I don't want:
###############################################################
filter f_mail {
facility(mail);
};
filter f_not_brightmail {
not program("bmifilter.*");
};
log {
source(src);
filter(f_mail);
filter(f_not_brightmail);
destination(syslog);
};
log {
source(src);
filter(f_not_mail);
filter(f_not_brightmail);
destination(messages);
};
###############################################################
As it stands I have to put "filter(f_not_brightmail);" in all my log
statements, but that's not a problem for me (I build the config once and
just push it out everywhere, so once a config works I never have to look
at it again).
--
Nate
"Where a calculator on the ENIAC is equipped with 18 000 vacuum tubes
and weighs 30 tons, computers of the future may have only 1 000 vacuum
tubes and perhaps weigh 1½ tons." - Popular Mechanics, March 1949.