[syslog-ng] Converting filtering from 2.1 to 3.0?
Matthew Hall
mhall at mhcomputing.net
Tue Sep 21 01:24:44 CEST 2010
On Tue, Sep 21, 2010 at 12:52:17AM +0200, Alan McKinnon wrote:
> Your "value" is wrong. It's a variable name, not a literal string, so
> you use it like this:
>
> value(MSGONLY)
>
> or the cleaner version
>
> value(${MSGONLY})
Are you sure? If you are sure about it, there is one example in the
documentation where it is not performed this way.
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.1-guide-admin-en.html/configuring_filters.html
The following filter statement selects the messages that contain the
word deny and come from the host example.
filter demo_filter { host("example") and match("deny" value("MESSAGE")); };
So we better get somebody from Balabit to correct the documentation ASAP if
it's wrong like you suspect it to be.
Matthew.
More information about the syslog-ng
mailing list