[syslog-ng] match(regex) problem
Balazs Scheidler
bazsi at balabit.hu
Tue Dec 20 12:21:04 CET 2005
On Mon, 2005-12-19 at 14:12 -0800, Nate Campi wrote:
> On Mon, Dec 19, 2005 at 09:59:04AM +0100, Balazs Scheidler wrote:
> > On Sat, 2005-12-17 at 22:14 +0100, Staszek Pitucha wrote:
> This isn't what I've observed in the past, but when I test now with
> 1.6.8 I see that this catches all the sshd messages:
>
> filter f_ssh_any { match("^sshd"); };
> destination d_ssh_any { file("/tmp/ssh_any.log"); };
> log { source(src); filter(f_ssh_any); destination(d_ssh_any); };
>
> I remember when developing matches for 1.6.6 or 1.6.7 that the program
> name wasn't available when using the match() function. Did this change
> recently did I do something wrong back then?
I haven't changed this for ages. The last change in src/log.c was in
January 13th 2004, and it was only a couple of warning fixes for HP-UX.
The patch before that is 2003/10/15
the change on 2004/01/13 is released with 1.6.2
the change on 2003/10/15 is released with 1.6.1
But IIRC this is the behaviour that was implemented originally and was
not changed since.
--
Bazsi
More information about the syslog-ng
mailing list