[syslog-ng]How do I discard a message with syslog-ng?

Balazs Scheidler syslog-ng@lists.balabit.hu
Thu, 11 Nov 2004 09:42:50 +0100


On Wed, 2004-11-10 at 18:14, Ed Ravin wrote:
> I want syslog-ng to discard a message that matches a particular
> string.  There doesn't seem to be an easy way to do that, so I
> came up with this scheme instead:
> 
>   [...]
>   filter unwanted {
>           program("noisy-daemon") and match("unwanted alarm");
>   };
>   
>   [...]
>   destination discard {
>           file("/dev/null" perm(0666) dir_perm(0755) create_dirs(no));
>   };
>   
>   [...]
>   log { source(remote); filter(unwanted); destination(discard); flags(final);
>   };
> 
> In spite of the "flags(final)" in the log path, the unanted message still
> shows up in my other log paths.  Have I misunderstood how to use "final"?
> Is there some other way to discard a message?
> 
> My environment is NetBSD 1.5 and NetBSD 2.0.

No, it should work exactly as you described it, however log statements
are processed in order, thus if you only want to send it to one
destination then your final statement must come first.

I've just tested it myself on my box, and it works as intended.

-- 
Bazsi