[syslog-ng] problem with filtering in syslog-ng
Evan Baer
evan.d.baer at gmail.com
Tue Feb 23 15:22:23 CET 2010
Hello,
I'm trying to exclude ntpd update messages from /var/log/messages.
I have created a filter like so:
filter not_ntpd { not program("ntpd*"); };
And implemented it in my log lines:
log { source(src); filter(not_ntpd); destination(messages); };
log { source(src); filter(f_notice); filter(f_not_authpriv);
filter(not_ntpd); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); filter(not_ntpd);
destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
Yet the lines for ntpd still seem to pass through to the logfile.
Feb 23 09:20:48 magpie-shn1e1324 ntpd[37397]: synchronized to
10.2.253.22, stratum 1
Feb 23 09:20:49 magpie-shn1f1318 ntpd[729]: kernel time sync status change 2001
Any thoughts?
-- Evan
More information about the syslog-ng
mailing list