[syslog-ng] Why does this not work?
Sandor Geller
wildy at balabit.hu
Fri Mar 10 09:17:23 CET 2006
David Anderson wrote:
> Hi,
>
> I am trying to lessen the amount in my messages log. I have logs
> coming in from my router which I can successfully put into their own
> log using the following filters. Unfortunately this also drops the info into
> messages as well:
>
> filter f_messages { not facility(news, mail) and not filter(f_iptables); };
> filter f_router { host(vigor); };
>
> If I try to prevent the additions to the message log using the
> following filters I get the error shown below.
>
> filter f_messages { not facility(news, mail) and not
> filter(f_iptables, f_router); };
For my best knowledge you can't use nested filters. Either use the
'final' flag in your log definitions instead or create a new filter:
filter f_notvigor { not host(vigor) };
and use in your log sections. Using the 'final' flag is much more
efficient, but you have to take care of the ordering of your log
definitions.
--
Sandor Geller
wildy at balabit.hu
More information about the syslog-ng
mailing list