[syslog-ng] filter set but still logged to mySQL
Dennis Kavadas
dennis.kavadas at gmail.com
Tue May 23 07:01:24 CEST 2006
Hi all
I have a question, or rather a problem
I've written a filter to trap entries from our BIND host that sends the
output to /de/null (see below)
I can send the match to any file or to /dev/null but syslog-ng is still
seeing the entry from the host and is logging it to "destination d_mysql "
I just need to filter out the match so it never reaches "destination
d_mysql"
Can anyone offer any advice ?
my syslog-ng file below....
--------------------------------------
options {
long_hostnames(off);
sync(0);
stats(43200);
dns_cache(yes);
use_fqdn(no);
keep_hostname(yes);
use_dns(yes);
};
source shell { internal(); unix-stream("/dev/log"); udp(ip(
my.syslog-ng.host.com)); };
destination err-update-dns { file("/dev/null"); };
filter err-update-dns { match("(59.167.232.229)"); };
log {source(shell); filter(err-update-dns); destination(err-update-dns); };
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag,
date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY',
'$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG'
);\n") template-escape(yes)); };
log { source(shell); destination(d_mysql); };
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060523/561a9e67/attachment.html
More information about the syslog-ng
mailing list