[syslog-ng] How do I discard a message with syslog-ng?
Ed Ravin
syslog-ng@lists.balabit.hu
Fri, 12 Nov 2004 20:11:17 -0500
On Wed, 2004-11-10 at 18:14, Ed Ravin wrote:
> I want syslog-ng to discard a message that matches a particular
> string. There doesn't seem to be an easy way to do that, so I
> came up with this scheme instead:
>
> [...]
> filter unwanted {
>     program("noisy-daemon") and match("unwanted alarm");
> };
>
> [...]
> destination discard {
>     file("/dev/null" perm(0666) dir_perm(0755) create_dirs(no));
> };
>
> [...]
> log { source(remote); filter(unwanted); destination(discard); flags(final);
> };

And it does indeed work, as documented. My problem, which might have
been solved sooner had I included the actual config file I was working on
rather than paraphrasing it above, was that I was trying to match on
a program name with a "/" character in it:

    filter unwanted {
        program("postfix-mailhost/trivial-rewrite") and
        match("unwanted message in text");
    };

But syslog-ng didn't match anything with this filter. When I trimmed
it down to:

    filter unwanted {
        program("postfix-mailhost") and
        match("unwanted message in text");
    };

Then it began matching my unwanted messages. If I tried this in the
filter:

    program("postfix-mailhost/")

Then it stopped matching. So it looks like syslog-ng, when it parses
the program name, stops parsing when it sees the "/"? Is this a bug
or a feature :-) ?

-- Ed