[syslog-ng]How do I discard a message with syslog-ng?

Mon, 15 Nov 2004 10:03:53 +0100

On Sat, 2004-11-13 at 02:11, Ed Ravin wrote:
> On Wed, 2004-11-10 at 18:14, Ed Ravin wrote:

>    filter unwanted {
>       program("postfix-mailhost/trivial-rewrite") and
>       match("unwanted message in text");
>    };
> 
> But syslog-ng didn't match anything with this filter.  When I trimmed
> it down to:
> 
>    filter unwanted {
>       program("postfix-mailhost") and
>       match("unwanted message in text");
>    };
> 
> Then it began matching my unwanted messages.  If I tried this in the
> filter:
> 
>       program("postfix-mailhost/")
> 
> Then it stopped matching.  So it looks like syslog-ng, when it parses
> the program name, stops parsing when it sees the "/" ?  Is this a bug
> or a feature :-) ?

I've tried to reproduce it, but it seems to work for me.

My config file was:

source src { udp(port(2000)); internal(); };
filter f_exp { program("abc/def"); };
destination d_spoof { file("logfile" template("--$MSG--\n")); };
log { source(src); filter(f_exp); destination(d_spoof); };

I sent the following lines:
$ nc -u localhost 2000
<5>Nov 15 09:55:19 bzorp abc/def[2345]: hehehehe
<5>Nov 15 09:55:19 bzorp abc/def[2345]: hehehehe
<5>Nov 15 09:55:19 bzorp abc/def[2345]: hehehehe
<5>Nov 15 09:55:19 bzorp abc/def[2345]: hehehehe
<5>Nov 15 09:55:19 bzorp abc/def[2345]: hehehehe

And I got:
$ cat logfile
--abc/def[2345]: hehehehe--
--abc/def[2345]: hehehehe--
--abc/def[2345]: hehehehe--
--abc/def[2345]: hehehehe--
--abc/def[2345]: hehehehe--

Can you tell me what $PROGRAM expands to in this scenario? (by including
it in your destination template for example)

-- 
Bazsi