[syslog-ng] Match/Message/Macros

R King tckingr at yahoo.com
Tue Nov 3 17:56:09 CET 2009


I have updated Syslog-NG to 3 and am trying to figure out:

"WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration;"

I have one filter that isn't working and I have tried several different ways to fix it.
The logs are Windows DHCP logs passed from EPILOG:

Nov  3 11:37:55 snsudc02 DHCPLOG[0]: 11,11/03/09,11:37:54,Renew,172.31.0.213,Ashley-PC.nsu.edu,001B9E2A18E9,
Nov  3 11:37:55 snsudc02 DHCPLOG[0]: 11,11/03/09,11:37:55,Renew,172.16.0.191,donovan-dcda8cf.,000B7D0993DF,

My filter originally was:
filter f_dhcp { match("DHCPLOG"); };

I've tried all these without success:
filter f_dhcp { message("DHCPLOG"); };
filter f_dhcp { program("DHCPLOG"); };
filter f_dhcp { match("DHCPLOG" flags("ignore-case") value("$PROGRAM")); };
filter f_dhcp { match("0" value("$PID")); };

Any help would be greatly appreciated.



      