[syslog-ng] Filtering on date/time
Balazs Scheidler
bazsi at balabit.hu
Sun Feb 26 11:23:26 CET 2006
On Fri, 2006-02-24 at 20:06 -1000, Dean Takemori wrote:
> Hello,
>
> This is on a Debian system with syslog-ng 1.6.5-2.2.
>
> Is there any way to filter on the log timestamp? For example, suppose I
> have a (machine|program) that reboots once a day at 0400, and I don't
> want to log those events. I'd like to be able to set up a filter something
> like this ...
>
> filter match_dailyreboot {
>     not (match("04:0[0-1]:[0-9][0-9]")
>          and program("foo")
>          and (match("Starting a brand new workday")
>               or match("*many annoying daily restart message*")
>              )
>         );
> };
This is not possible currently, but are you sure you want to completely
drop these messages? Wouldn't you prefer to store those and run an
analyzing script like logcheck later which skips those?
--
Bazsi
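
The approach suggested in the reply above (store everything, skip the known restart noise at analysis time), as an added example that is not part of the original thread and is not logcheck's own code. It assumes the traditional "Mon DD HH:MM:SS host program[pid]: message" line layout; the sample lines and all function names are constructed for illustration.

```python
import re
from datetime import time

# Assumed layout: "Feb 24 04:00:12 host program[pid]: message"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)

# Rule from the question: program "foo", 04:00:00-04:01:59, known restart text.
WINDOW_START = time(4, 0, 0)
WINDOW_END = time(4, 1, 59)
PROGRAM = "foo"
RESTART_PATTERNS = [re.compile(r"Starting a brand new workday")]


def is_daily_reboot_noise(line):
    """True only if time window, program and message text all match."""
    m = LINE_RE.match(line)
    if m is None:
        return False  # unparseable lines are never suppressed
    try:
        stamp = time(int(m["h"]), int(m["m"]), int(m["s"]))
    except ValueError:
        return False  # impossible clock value: keep the line visible
    return (
        WINDOW_START <= stamp <= WINDOW_END
        and m["prog"] == PROGRAM
        and any(p.search(m["msg"]) for p in RESTART_PATTERNS)
    )


def report(lines):
    """Return the lines a reviewer should still see."""
    return [ln for ln in lines if not is_daily_reboot_noise(ln)]


# Constructed sample input, not taken from a real system.
SAMPLE = [
    "Feb 24 04:00:12 box foo[311]: Starting a brand new workday",
    "Feb 24 04:00:40 box foo[311]: unexpected config change detected",
    "Feb 24 13:37:05 box foo[902]: Starting a brand new workday",
    "Feb 24 04:01:03 box sshd[120]: Starting a brand new workday",
    "garbled line without a timestamp",
]

if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Because the stored log is untouched, a restart of foo outside the 04:00 window (the 13:37 line) still shows up in the report, and a rule that turns out to be too broad can be corrected without having lost any messages.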