[syslog-ng] Converting filtering from 2.1 to 3.0?

Alan McKinnon Alan.McKinnon at is.co.za
Tue Sep 21 09:50:35 CEST 2010


On Tuesday 21 September 2010 01:24:44 Matthew Hall wrote:
> On Tue, Sep 21, 2010 at 12:52:17AM +0200, Alan McKinnon wrote:
> > Your "value" is wrong. It's a variable name, not a literal string, so
> > you use it like this:
> > 
> > value(MSGONLY)
> > 
> > or the cleaner version
> > 
> > value(${MSGONLY})
> 
> Are you sure? If you are sure about it, there is one example in the
> documentation where it is not performed this way.
> 
> http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.1-guide-admin-en.html/configuring_filters.html
> 
> The following filter statement selects the messages that contain the
> word deny and come from the host example.
> 
> filter demo_filter { host("example") and match("deny" value("MESSAGE")); };
> 
> So we better get somebody from Balabit to correct the documentation ASAP if
> it's wrong like you suspect it to be.

I have run into this before, and it was only a lucky grep through the pdf doc 
that gave me the clue to the solution. But I haven't extensively researched 
all of it to be able to say something conclusive.

It's entirely possible there are two code paths through the config parser and 
they give different results (hey, it's software - we all know how that works).


-- 
Alan McKinnon
Systems Engineer^W Technician
Infrastructure Services
Internet Solutions

+27 11 575 7585
