[syslog-ng] using correlation to filter out some messages ?
Guillaume Rousse
guillomovitch at gmail.com
Tue Jan 18 18:13:35 CET 2011
Le 18/01/2011 15:24, Guillaume Rousse a écrit :
> Le 18/01/2011 13:23, Guillaume Rousse a écrit :
>> What am I missing ?
> Actually, it was a configuration issue on my side, it works perfectly now.
>
> And I just realized I could almost achieve the same by filtering on the
> '(connection lost)' message which is always present for basic tcp probes
> (I could eventually have lost other unrelated messages, touch).
And I also realized than I am probably filtering all messages matching
the second pattern (conn=@NUMBER:slapd_connection_id@ fd=@NUMBER@ closed
(connection lost)), wether they are related to the load balancer or not,
as the context-id attribute does not act like a filter.
As you suggested earlier, the following action in the second rule should
ensure a message in an empty context is getting re-emited:
<action trigger="match" condition="${MESSAGE}@1 == ''">
<message>
<values>
<value name="MESSAGE">${MSG}@1</value>
</values>
</message>
</action>
--
BOFH excuse #412:
Radial Telemetry Infiltration
More information about the syslog-ng
mailing list