[syslog-ng] intentionally dropping messages

Balazs Scheidler bazsi at balabit.hu
Wed Jun 3 11:54:49 CEST 2009


On Sun, 2009-05-31 at 22:20 -0400, Jan Schaumann wrote:
> Hello,
> 
> I'm trying to drop a certain set of messages.  Following
> http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch07s08.html
> I notice that if I do *not* include a 'destination' in the 'log'
> statement, then a very large number of messages that should *not* be
> dropped are in fact dropped.  As soon as I add a 'destination' to the
> log statement, it filters the correct messages.
> 
> That is:
> 
> destination d_dev_null {
>         file("/dev/null" perm(0666) );
> };
> 
> filter demo_debugfilter { (level(debug..notice) and facility(local0); };
> log { source(s_udp); filter(demo_debugfilter); flags(final); };
> 
> 
> Appears to falsely drop a number of messages that were of local1.info.
> As soon as I change the 'log' directive to be:
> 
> log { source(s_udp); filter(demo_debugfilter); destination(d_dev_null); flags(final); };
> 
> it correctly filters only level0.{debug,info,notice}.
> 
> This happens on a host with a large number of messages per second, but
> not on a host that receives very little traffic.
> 
> I can't make much sense of this and was hoping somebody on this list
> could...

Hmm... I don't see how this is possible, but I'll look into it right
away.


-- 
Bazsi




More information about the syslog-ng mailing list