[syslog-ng] intentionally dropping messages

Jan Schaumann jschauma at netmeister.org
Mon Jun 1 04:20:57 CEST 2009


I'm trying to drop a certain set of messages.  Following
I notice that if I do *not* include a 'destination' in the 'log'
statement, then a very large number of messages that should *not* be
dropped are in fact dropped.  As soon as I add a 'destination' to the
log statement, it filters the correct messages.

That is:

destination d_dev_null {
        file("/dev/null" perm(0666) );

filter demo_debugfilter { (level(debug..notice) and facility(local0); };
log { source(s_udp); filter(demo_debugfilter); flags(final); };

Appears to falsely drop a number of messages that were of local1.info.
As soon as I change the 'log' directive to be:

log { source(s_udp); filter(demo_debugfilter); destination(d_dev_null); flags(final); };

it correctly filters only level0.{debug,info,notice}.

This happens on a host with a large number of messages per second, but
not on a host that receives very little traffic.

I can't make much sense of this and was hoping somebody on this list

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090531/1a52dc22/attachment.pgp 

More information about the syslog-ng mailing list