[syslog-ng] Lots of dropped=tcp(AF_INET(
Ivan Lezhnjov Jr.
ivan.lezhnjov.jr at gmail.com
Thu Aug 21 14:44:53 CEST 2008
Thursday 21 August 2008, Geller, Sandor (IT) wrote:
> Hi,
Hi!
> > How about filtering out these messages and putting them into
> > a separate file,
> > say syslog-ng-diagnostic.log? Is there a way to do this?
>
> You can do it fairly easy: set up a filter like this:
>
> filter f_syslogstats {
> match ("^syslog-ng\[[[:digit:]]+\]: Log statistics");
> };
>
> and then attach it to the internal log source.
Thanks a bunch :)
> > Also what is the meaning of this statement anyway:
> > dropped='tcp(AF_INET($IP:
> > $PORT))=0' ?
>
> Hmm, never seen such logged... Do you have a destination with
> these macros? Although neither $PORT or $IP are available as
> macros.
Yes, I do. It looks like this:
destination loghost { tcp("217.117.75.2" port(1999)); };
--
Ivan Lezhnjov Jr.
Europe, Ukraine, Simferopol
Running
Source Mage GNU/Linux, kernel version 2.6.24 build #5
+----------------------------------------------------------------------+
Key ID 0x5811D90C
Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
Use GPG Exercise Your Right To Privacy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080821/45e0965a/attachment.pgp
More information about the syslog-ng
mailing list