[syslog-ng] syslog-ng open source - Problem with filter rules -Performance
Siem Korteweg
Siem.Korteweg at qnh.nl
Thu Aug 13 10:18:00 CEST 2009
Hi,
Use the final flag in each log-statement to indicate that processing stops:
log {
source(s_network);
filter(ABCD_filter);
destination(d_ABCDfiles);
flags(final);
};
Regards,
Siem Korteweg
-----Oorspronkelijk bericht-----
Van: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] Namens Jain, Vaibhav (GE
Healthcare)
Verzonden: donderdag 13 augustus 2009 10:04
Aan: Syslog-ng users' and developers' mailing list
Onderwerp: [syslog-ng] syslog-ng open source - Problem with filter rules
-Performance
Hi
I am using syslog-ng filter option to filter the log messages based on
some filter criteria. Like
log {
source(s_network);
filter(ABCD_filter);
destination(d_ABCDfiles);
};
log {
source(s_network);
filter(PQR_filter);
destination(d_PQRfiles);
};
log {
source(s_network);
filter(XYZ_filter);
destination(d_XYZfiles);
};
...
..
.
In the above example the source is same for all the destination files
but in this configuration all the filter rules are validating the log
mesg. I want to configure it if mesg pass the filter ABCD criteria then
it should not go to other filter and if it fails the ABCD filter
criteria then it should go to next filter and so on.
Does Syslog-ng support any macro or if-else.. for this??
- V
_____________________________________________________________________________
_
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list