[syslog-ng] problem with filtering in syslog-ng

Zoltán Pallagi pzolee at balabit.hu
Tue Feb 23 15:40:02 CET 2010


Hi Evan,

Use the final flag in this log path.
For example:

log { source(src); filter(f_kern); filter(f_debug); filter(not_ntpd);
destination(messages); flags(final);  };

For more information see our documentation:
http://www.balabit.hu/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s03.html

Evan Baer wrote:
> Hello,
>
> I'm trying to exclude ntpd update messages from /var/log/messages.
>
> I have created a filter like so:
>     filter not_ntpd { not program("ntpd*"); };
>
> And implemented it in my log lines:
>
> log { source(src); filter(not_ntpd); destination(messages); };
> log { source(src); filter(f_notice); filter(f_not_authpriv);
> filter(not_ntpd); destination(messages); };
> log { source(src); filter(f_kern); filter(f_debug); filter(not_ntpd);
> destination(messages); };
> log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
> log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
>
> Yet the lines for ntpd still seem to pass through to the logfile.
>
> Feb 23 09:20:48 magpie-shn1e1324 ntpd[37397]: synchronized to
> 10.2.253.22, stratum 1
> Feb 23 09:20:49 magpie-shn1f1318 ntpd[729]: kernel time sync status change 2001
>
> Any thoughts?
>     -- Evan


-- 
pzolee
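
The following is an added example, not code from this thread or from syslog-ng: a simplified Python model of log-path evaluation that shows which messages `flags(final)` stops. Filters in one path are ANDed, and a final path ends processing only for messages that matched it. The `f_kern` definition, the `all_log` destination, the drop path and the sample messages are assumptions made for the illustration.

```python
import re

def program(pattern):
    # Model of program(): unanchored regex search on the program name (assumed mode).
    rx = re.compile(pattern)
    return lambda msg: rx.search(msg["program"]) is not None

def facility(name):
    return lambda msg: msg["facility"] == name

def negate(flt):
    return lambda msg: not flt(msg)

def route(msg, paths):
    """Return the destinations that receive msg.

    paths: ordered list of (filters, destination or None, final).
    Filters inside one path are ANDed. A path flagged final ends
    processing only for messages that matched that path.
    """
    delivered = []
    for filters, destination, final in paths:
        if not all(flt(msg) for flt in filters):
            continue  # message did not match; final has no effect on it
        if destination is not None:
            delivered.append(destination)
        if final:
            break
    return delivered

not_ntpd = negate(program("ntpd*"))  # filter from the thread
f_kern = facility("kern")            # assumed definition of f_kern

# final on a path that also applies not_ntpd, followed by a hypothetical
# later path (all_log) that has no ntpd filter.
FINAL_ON_FILTERED_PATH = [
    ([f_kern, not_ntpd], "messages", True),
    ([], "all_log", False),
]
# Hypothetical drop path: match ntpd, no destination, final, placed first.
DROP_PATH_FIRST = [
    ([program("ntpd*")], None, True),
    ([], "all_log", False),
]

# Constructed sample messages.
NTPD = {"program": "ntpd", "facility": "daemon"}
KERN = {"program": "kernel", "facility": "kern"}

if __name__ == "__main__":
    for name, paths in (("final on filtered path", FINAL_ON_FILTERED_PATH),
                        ("drop path first", DROP_PATH_FIRST)):
        print(name, route(NTPD, paths), route(KERN, paths))
```

In this model an ntpd message never matches a path that applies `not_ntpd`, so the final flag on that path does not keep it out of later paths; a path that matches ntpd and is itself final does.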


