[syslog-ng] Filtering on date/time
Dean Takemori
deant at hawaii.rr.com
Sat Feb 25 07:06:38 CET 2006
Hello,
This is on a Debian system with syslog-ng 1.6.5-2.2.
Is there any way to filter on the log timestamp? For example, suppose I
have a (machine|program) that reboots once a day at 0400, and I don't
want to log those events. I'd like to be able to set up a filter
something
like this ...
filter match_dailyreboot {
not (match("04:0[0-1]:[0-9][0-9]")
and program("foo")
and (match("Starting a brand new workday")
or match("*many annoying daily restart message*")
)
);
};
But as I understand the rules, match() only matches on the message.
Is there any way in the 1.6.* series to filter on time and other bits?
-dean takemori
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060224/f92302de/attachment.htm
More information about the syslog-ng
mailing list