[syslog-ng] config with many rules

Vasiliy G Tolstov v.tolstov at selfip.ru
Fri Sep 18 21:47:44 CEST 2009


Hello. I'm new to this list, and maybe my question has been answered already,
but I can't find any solutions:

Problem:
I have many filters, like this:
filter ff_auth { program(sshd) or program(dropbear) or facility(auth, authpriv); };
filter ff_cron { facility(cron); };
filter ff_daemon { facility(daemon); };
filter ff_user { facility(user); };
filter ff_debug { not facility(auth, authpriv, news, mail); };
filter ff_scm { program(git-daemon); };
filter ff_db { program(postgres) or program (mysql); };
filter ff_mail { facility(mail); };
filter ff_ftp { program(vsftpd) or program(proftpd); };
filter ff_rsync { program(rsync); };
filter ff_snmp { program(snmpd); };
filter ff_named { program(named); };
filter fl_alert { level(alert); };
filter fl_crit { level(crit); };
filter fl_err { level(err); };
filter fl_warn { level(warn); };
filter fl_notice { level(notice); };
filter fl_info { level(info); };
filter fl_debug { level(debug); };


If I want to add a new filter to select kernel messages that do not
contain already defined data:
filter ff_kernel { facility(kern) and not match(firewall) and not
match(mail) and not match(snmp) and not match(vsftpd) and not
match(firewall); .....};
I think it is not the best solution to write all filters in not match and not
program.

Solution:
Can you provide some help on how I can reduce the unneeded strings, maybe
not like ff_db and not like ff_debug?

P.S. Sorry if my English is bad and I can't fully describe the problem.

-- 
Vasiliy G Tolstov <v.tolstov at selfip.ru>
Selfip.Ru
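
An added example, not part of the original post or of the syslog-ng project's own configuration: three ways to shorten a filter like ff_kernel, using filter() to call a named filter, one regular-expression alternation inside match(), and the final/fallback log-path flags. The names s_src, d_db, d_kernel, d_rest, ff_daemon_rest and all file paths are assumptions made for this sketch.

```conf
# Added example. Source, destination and path names are assumptions.
source s_src { internal(); unix-stream("/dev/log"); file("/proc/kmsg"); };

destination d_db     { file("/var/log/db.log"); };
destination d_kernel { file("/var/log/kernel.log"); };
destination d_rest   { file("/var/log/unsorted.log"); };

# Two of the filters from the post, unchanged in meaning.
filter ff_db  { program(postgres) or program(mysql); };
filter ff_ftp { program(vsftpd) or program(proftpd); };

# 1. filter(<name>) evaluates another named filter, so its conditions
#    are written once and reused. It excludes what that filter selects;
#    it does not search the message text the way match() does.
filter ff_daemon_rest {
    facility(daemon) and not filter(ff_db) and not filter(ff_ftp);
};

# 2. match() takes a regular expression, so a chain of
#    "and not match(a) and not match(b) ..." becomes one alternation.
#    Where the message() filter is available, it limits the search to
#    the message text instead of the whole line.
filter ff_kernel {
    facility(kern) and not match("firewall|mail|snmp|vsftpd");
};

# 3. Let the log paths do the excluding:
#    flags(final)    - a message matched here is not processed by
#                      later log statements;
#    flags(fallback) - receives only messages that matched no
#                      non-fallback log statement.
log { source(s_src); filter(ff_db);          destination(d_db);     flags(final); };
log { source(s_src); filter(ff_kernel);      destination(d_kernel); flags(final); };
log { source(s_src); filter(ff_daemon_rest); destination(d_rest); };
log { source(s_src); destination(d_rest); flags(fallback); };
```

With the fallback path in place, a new filter does not need to list everything the other filters already select.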