[syslog-ng] program filters
Ken Garland
ken.garland at rotech.com
Fri Jun 17 15:22:22 CEST 2005
As shown in my previous example, you can remove the facilities in your
filter. For you this would be:
filter f_auth { not facility(kern) facility(auth) or program(".*ftp*.") or program(".*ssh*.") or program(".*pam*."); };
Play with those until you get what you want.
Metal Gear wrote:
> Hi thanks for the reply,
>
> On 6/16/05, *Ken Garland* <ken.garland at rotech.com
> <mailto:ken.garland at rotech.com>> wrote:
>
> the messages you have listed in the chart below are the annoying ones?
> these are kernel messages that you have asked to receive, simply stop
> receiving them or filter out each one of those entries below with a
> regex if you want to stop getting those five specific messages.
>
>
> I only wanted to receive messages from 'auth' facility and the three
> program filters but then why i m getting messages from 'kern'. I m
> still bit confused about that. Yes i agree that i have to apply
> filters to stop that messages.
>
> Thanks again
More information about the syslog-ng
mailing list