[syslog-ng] WARNING: the match() filter without the use of the value() ...

ml ml mliebherr99 at googlemail.com
Fri Jun 25 11:02:45 CEST 2010 

Hello,

thanks for the hint! Now i seem to struggle with the usage of it :)

I would like to log everything from the lighttpd daemon to a diffrent logfile:
 Jun 25 10:59:19 lighty-dev lighttpd[30575]: (log.c.172) server started

So i tried this filter:
 filter f_lighttpd { match("lighttpd" value("lighttpd")); };

Basically i would like to match for the facility "lighttpd", right?! I
dont really need a regex here.

Thanks,
Mario


On Fri, Jun 25, 2010 at 10:32 AM, Alan McKinnon <Alan.McKinnon at is.co.za> wrote:
>
> On Friday 25 June 2010 10:18:38 ml ml wrote:
>> Hello List,
>>
>> i am getting this error:
>> WARNING: the match() filter without the use of the value() option is
>> deprecated and hinders performance, please update your configuration;
>> Restarting syslog-ng: Stopping syslog-ng: OK.
>> Starting syslog-ng: WARNING: the match() filter without the use of the
>> value() option is deprecated and hinders performance, please update
>> your configuration;
>
> [snip]
>
>> ### 3.) FILTERS
>> filter f_ldap           { match("slapd");               };
>
> The message tell you what to do, it's right there in the admin guide :-)
>
> pg 213 of the 3.0 admin guide:
>
> The syntax has changed from earlier versions. match() now wants to know which
> part of the log to perform the match on. Your matches seem to use the program
> name, so use:
>
> (match("slapd" value=("PROGRAM"))
>
> to search the entire message for a match, use
>
> (match("slapd" VALUE="MSG"))
>
> or (better)
>
> message("slpad")
>
> Note that the macro name (MSG, PROGRAM, etc) does not have a leading $ - you
> are giving a macro name to use, not dereferencing it.
>
>
> --
> Alan McKinnon
> Systems Engineer^W Technician
> Infrastructure Services
> Internet Solutions
>
> +27 11 575 7585
>
> Please note: This email and its content are subject to the disclaimer as displayed at the following link http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm. Should you not have Web access, send a mail to disclaimers at is.co.za and a copy will be emailed to you.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>

More information about the syslog-ng mailing list