[syslog-ng] Filtering on date/time
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Sun Feb 26 20:29:00 CET 2006
On Fri, 24 Feb 2006 20:06:38 -1000, Dean Takemori said:
> Is there any way to filter on the log timestamp? For example, suppose I
> have a (machine|program) that reboots once a day at 0400, and I don't
> want to log those events. I'd like to be able to set up a filter
> something
> like this ...
As a practical matter, you're probably better off logging it *anyhow*,
and then using a tool such as 'logwatch' or similar to filter. In general,
you want to *retain* a lot of info in the actual syslog files, in case you
need to go digging, but present only exceptios in routine summaries.
In other words - if you *did* put in filtering like this, and then had to use
your logs to show whether there *was* a reboot at 4AM as scheduled, or if it
failed to happen for some reason, how would you go about it?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060226/4dfb17d3/attachment.pgp
More information about the syslog-ng
mailing list