[syslog-ng] matching by unknown field
Balazs Scheidler
bazsi at balabit.hu
Mon May 26 09:10:28 CEST 2008
On Fri, 2008-05-23 at 20:51 -0500, Dorian wrote:
> Balazs Scheidler wrote:
> > On Thu, 2008-05-22 at 21:39 -0500, Dorian wrote:
> >
> >> Good Day
> >>
> >> Could someone tell how to match message by 'blah', the word before '@' ?
> >>
> >> """
> >> May 22 21:28:29 blah at localhost/dns syslog-ng starting up;
> >> """
> >>
> >>
> >
> > host("^blah")
> >
>
> no shit ?
>
>
>
>
> P.S.
>
> not working. I've tried everything before asking
I've just tried and it does work. Which syslog-ng version are you using?
In 2.0 you can also enable filter debugging if you use the '-d' command
line switch, syslog-ng will report the result of each filter check.
--
Bazsi
More information about the syslog-ng
mailing list