[syslog-ng] Revisiting: problem with filter behavior in 2.0.4
Balazs Scheidler
bazsi at balabit.hu
Thu Aug 23 14:00:44 CEST 2007
On Wed, 2007-08-22 at 13:29 -0400, aero1967 at fastmail.fm wrote:
>
> I posted the below message on 13 July to the list, but still received
> no
> response. I'm wondering if I'm seeing a bug in syslog-ng, or there's
> some configuration detail I've overlooked. Balazs, could you comment
> on
> this please?
>
> Since I posted the original message, I'm seeing all kinds of messages
> in
> the "critical.log" file that shouldn't belong, according to my
> understanding of the filtering, e.g. messages from facility+priority
> combination "user.info" without the string "crit" anywhere within the
> message (though oddly enough in that example, the word "subscription"
> is
> present in the message, which differs from "crit" by the addition of
> the
> "p" before the "t", but I'm not sure if that's anything more than
> coincidence).
match() has a regexp parameter in which '*' means (0-n) repetitions of
the previous character.
crit* matches cri, crit, critt, crittt and so on.
--
Bazsi
More information about the syslog-ng
mailing list