[syslog-ng] Unsuccessful not match filter
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Jul 9 20:40:05 CEST 2007
On Mon, 09 Jul 2007 13:15:54 EDT, Louis Bohm said:
> So what am I doing wrong here with this filter??? Because it is not
> working for me.
In what way is it failing to work? Dropping things it shouldn't, or
including things?
> filter f_discard {
> ( not match("Connection from UDP: ")) or
> ( not match("Did not receive identification> string from 192.168.0.46")) or
> ( not match("Received SNMP packet(s) from> UDP: [192.168.0.46]"));
> };
I suspect you have some extra 'not', or you wanted 'and' rather than 'or'.
What you have says 'discard if it doesn't match the first, *or* it doesn't
match the second, *or* it doesn't match the third' - in other words, discard
unless it matches all three.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070709/e540c06b/attachment.pgp
More information about the syslog-ng
mailing list