[syslog-ng] filter after source or indifferent?
Sandor Geller
Sandor.Geller at morganstanley.com
Tue Apr 27 16:25:25 CEST 2010
Hi,
On Tue, Apr 27, 2010 at 3:24 PM, Giovanni Mancuso
<suuuper at messinalug.org> wrote:
> Hi,
>
> i have a question about syslog-ng configuration.
>
> I configure my log path in this way:
>
> log {
> source(s_funambol);
> destination(d_network);
> filter(f_funambol);
> };
>
> And it doesn't work.
>
> If i configure the log path in this way:
>
>
> log {
> source(s_funambol);
> filter(f_funambol);
> destination(d_network);
> };
>
> It works.
>
> Is it normal?
>
> Is required that the filter goes after the source?
More or less... This is a new behaviour as of syslog-ng 3, the order
of filters and destinations does matter. It's possible to refine
filtering within a single log section this way:
log {
source(mysources);
filter(filter_1);
destination(destination_1);
filter(filter_2);
destination(destination_2);
};
Where destination_1 will get logs which match filter_1 while
destination_2 will get only those which match *both* filters. In
previous syslog-ng versions logs arriving on any source matching all
filters were sent to all destinations.
Regards,
Sandor
More information about the syslog-ng
mailing list