[syslog-ng] Regex and Syslog-ng

Julien Vermet julsniper at gmail.com
Thu Apr 16 18:01:17 CEST 2009


Hello

I have a problem with syslog-ng using match() in my filters. Here is the
part of my syslog-ng.conf:

"
######
# sources

# all known message sources
source s_all {
        file("/etc/syslog-ng/logtest" follow_freq(1));
};


######
# destinations

destination d_apache {
file("/etc/syslog-ng/logapache");
};

destination d_system {
file("/etc/syslog-ng/logsystem");
};

destination d_autres {
file("/etc/syslog-ng/logautres");
};

######
# filters

filter f_apache {
match(apache);
};

filter f_system {
match(system);
};

filter f_autres {
match((?!apache));
};


######
# logs

log {
source(s_all);
filter(f_apache);
destination(d_apache);
};

log {
source(s_all);
filter(f_system);
destination(d_system);
};

log {
source(s_all);
filter(f_autres);
destination(d_autres);
};
"

As you can see, I want to search in lines if the string apache is present,
if system is present or if apache is not present. The first two filters are
OK, but the third doesn't work. Can you help me to solve the problem?

Thanks.
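
Why a bare negative lookahead does not express "apache is not present", as an added example that is not part of the original post: it assumes a Perl-compatible regex engine (Python's re stands in for it here; POSIX regular expressions have no lookahead at all), unanchored search semantics for match(), and constructed sample lines. In syslog-ng itself the filter language has a `not` operator, so the negation can be written as `not match("apache")` without any lookahead.

```python
import re

# Constructed sample lines standing in for /etc/syslog-ng/logtest.
SAMPLE = [
    "Apr 16 18:00:01 web1 apache: GET /index.html 200",
    "Apr 16 18:00:02 web1 system: disk check ok",
    "Apr 16 18:00:03 web1 sshd: session opened for user root",
    "apache",
]

def lookahead_unanchored(line):
    # The pattern as posted. An unanchored search tries every offset, and
    # (?!apache) succeeds at any offset where "apache" does not START,
    # e.g. offset 1 of "apache" itself, so every line matches.
    return re.search(r"(?!apache)", line) is not None

def lookahead_anchored(line):
    # Pinning the lookahead to the start and scanning the whole line with
    # .* makes it mean "no 'apache' anywhere in this line".
    return re.search(r"^(?!.*apache)", line) is not None

def negated(line):
    # Equivalent of negating the positive filter (syslog-ng: not match("apache")).
    return re.search(r"apache", line) is None

def route(lines, autres):
    """Return {destination: [lines]} for the three filters in the post,
    with `autres` as the predicate used for f_autres (assumption: each
    log path sees every line, as in the posted log statements)."""
    filters = {
        "d_apache": lambda l: re.search(r"apache", l) is not None,
        "d_system": lambda l: re.search(r"system", l) is not None,
        "d_autres": autres,
    }
    return {dest: [l for l in lines if f(l)] for dest, f in filters.items()}

if __name__ == "__main__":
    for name, pred in [("(?!apache)", lookahead_unanchored),
                       ("^(?!.*apache)", lookahead_anchored),
                       ("not match(apache)", negated)]:
        print(name, "->", len(route(SAMPLE, pred)["d_autres"]), "lines in d_autres")
```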