[syslog-ng] RE : Which macros are available for filtering ?

Vincent Panel Vincent.Panel at telindus.be
Wed Mar 4 10:37:10 CET 2009


From: syslog-ng-bounces at lists.balabit.hu on behalf of Balazs Scheidler
>On Tue, 2009-03-03 at 17:06 +0100, Vincent Panel wrote:
>> 
>> On a test machine, I've set up syslog-ng with a filter which looks
>> like this :
>> 
>> filter filter1 { match(".+" VALUE ("MACRO")); };
>> 
>> I've tried many MACROS and it seems only a few of them are not empty
>> (easy to spot using this regex). The most surprising is that several
>> documented macros are empty: for instance, MSGHDR and MSG (MSG should
>> be the same as MESSAGE, but looks like it's not).

>Hmm.. must be a bug then... It really seems to be a bug, I've just tried
>it with $MSG and it didn't work.
>
>I'll look into this, thanks for reporting it.


Thanks for confirming. Should all macros work in filtering?

I can understand that syslog-ng doesn't yet know the S_* date/time macros, because the file is still not written and it's possible the "write" time is not known yet, but for all other macros, I think they should be available to the match() function.

Should I open a bug report so that this bug gets followed up in a standard way?