[syslog-ng]How do I discard a message with syslog-ng?
Balazs Scheidler
syslog-ng@lists.balabit.hu
Mon, 15 Nov 2004 10:12:04 +0100
On Sat, 2004-11-13 at 02:59, Ed Ravin wrote:
> On Wed, Nov 10, 2004 at 11:43:49AM -0800, Nate Campi wrote:
> > On Wed, Nov 10, 2004 at 12:14:44PM -0500, Ed Ravin wrote:
> > > In spite of the "flags(final)" in the log path, the unanted message still
> > > shows up in my other log paths. Have I misunderstood how to use "final"?
> > > Is there some other way to discard a message?
> >
> > I don't know that I've ever had much luck with final either, I just
> > don't log what I don't want:
>
> Harumph, I thought I had flags(final) working once I fixed my
> problem with the fitler, but when I went to my production box, I
> began losing log messages all over the place. Baszi, are you sure
> that flags(final) works? I'd rather not do the kludgy filtering
> in Nate's example below.
I tried it right before I sent my previous e-mail just to be sure it
works. The code snippet is very simple in fact, just look at the
function do_distribute_log() function in center.c;
Once a message is matched and the FINAL flag is set it breaks out the
distribute loop. But only iff all filters matched and the message was
sent to the appropriate destinations
The only way to malfunction is if the parser incorrectly parses the
flags option... checked that too, it seems to be ok; and my testing did
not reveal any problems. Is the order of your log statements correct?
--
Bazsi