[syslog-ng] Filter empty program

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Fri Aug 29 08:52:56 CEST 2008


Hi,

> I got something in the message that can help, but I'd like to
> use it with the empty program attribute (being as specific as
> possible).
>
> So there is no way to filter an empty program attribute?

I don't think so. When syslog-ng parses the log it has to guess
what format is applied to the log line, so it will fill in the
program field with the first string which is right after the
priority date hostname triplet. So I think at least one word
of your log will end up in the program field, and it isn't
available for match() later... You could work around this by
combining the program() and the match() into a single filter,
or use an external program to do the filtering.

Regards,

Sandor
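
Added example, not part of the original message and not syslog-ng code: a simplified Python model of the header split described in the reply, showing why a message-only match misses the first word of an untagged line and how the combined program()/match() check catches it. The sample log lines, function names and the filter name in the comment are constructed for illustration.

```python
import re

# Simplified model (an assumption, NOT syslog-ng's parser): after the
# "<pri> date host" triplet, the next token is taken as the program name.
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

def parse(line):
    """Split a BSD-style line into pri, date, host, program and message."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a BSD-style syslog line")
    pri, date, host, rest = m.groups()
    # Program ends at the first space, '[' or ':'; the remainder is the message.
    tok = re.match(r"([^ \[:]*)(?:\[\d+\])?:? ?(.*)$", rest)
    return {"pri": int(pri), "date": date, "host": host,
            "program": tok.group(1), "message": tok.group(2)}

def message_only(rec, pattern):
    """match()-style check that sees only the message part."""
    return re.search(pattern, rec["message"]) is not None

def combined(rec, program_re, message_re):
    """Workaround from the reply: program() and match() in one filter.
    Corresponding filter expression (filter name is hypothetical):
      filter f_untagged { program("^Connection$") and match("^refused from"); };
    """
    return (re.search(program_re, rec["program"]) is not None
            and re.search(message_re, rec["message"]) is not None)

# Constructed samples: one line logged without a program tag, one with.
UNTAGGED = "<13>Aug 29 08:52:56 host1 Connection refused from 10.0.0.5"
TAGGED = "<38>Aug 29 08:52:57 host1 sshd[1234]: Connection refused from 10.0.0.5"

def demo():
    u, t = parse(UNTAGGED), parse(TAGGED)
    return {
        "untagged_program": u["program"],
        "message_only_hits_untagged": message_only(u, r"^Connection refused"),
        "combined_hits_untagged": combined(u, r"^Connection$", r"^refused from"),
        "combined_hits_tagged": combined(t, r"^Connection$", r"^refused from"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

In this model the combined check matches only the untagged line, because the tagged line's program field is "sshd".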