[syslog-ng] intentionally dropping messages
Jan Schaumann
jschauma at netmeister.org
Mon Jun 1 04:20:57 CEST 2009
Hello,
I'm trying to drop a certain set of messages. Following
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch07s08.html
I notice that if I do *not* include a 'destination' in the 'log'
statement, then a very large number of messages that should *not* be
dropped are in fact dropped. As soon as I add a 'destination' to the
log statement, it filters the correct messages.
That is:
destination d_dev_null {
file("/dev/null" perm(0666) );
};
filter demo_debugfilter { (level(debug..notice) and facility(local0); };
log { source(s_udp); filter(demo_debugfilter); flags(final); };
Appears to falsely drop a number of messages that were of local1.info.
As soon as I change the 'log' directive to be:
log { source(s_udp); filter(demo_debugfilter); destination(d_dev_null); flags(final); };
it correctly filters only level0.{debug,info,notice}.
This happens on a host with a large number of messages per second, but
not on a host that receives very little traffic.
I can't make much sense of this and was hoping somebody on this list
could...
-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090531/1a52dc22/attachment.pgp
More information about the syslog-ng
mailing list