[syslog-ng] How to build a filter where one message from one host not logged

Balazs Scheidler bazsi77 at gmail.com
Fri Mar 29 21:03:22 CET 2013


----- Original message -----
> Hi !
> 
> I want to filter with syslog-ng that a message from a special host with
> a special message was not filtered and everything else goes to the
> logfile
> 
> filter f_cisco_switches_knownerrors1
>         {
>                 host ("hostxy")
>                 and match("ENVIRONMENT-3-RPS_FAILED");
>         };
> 
> The Log-Message :
> Mar 29 12:29:19 hostxy err 20979: Mar 29 12:29:18:
> %ENVIRONMENT-3-RPS_FAILED: Faulty internal power supply detected

This is probably caused by the fact that the Cisco mnemonics go to the $PROGRAM value, and match() in versions past 3.0 only matches against the $MESSAGE part.

Try matching using program().
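A configuration fragment showing the suggestion above in a complete log path, as an added example that is not part of the original post or of the poster's configuration. The source `s_net`, the destination `d_switches`, the log file path and the filter name `f_not_knownerrors` are assumptions; the `message()` alternative is added so the filter still matches if the mnemonic stays in $MESSAGE.

```conf
# Hypothetical source and destination; replace with the ones already in your configuration.
source s_net { udp(ip("0.0.0.0") port(514)); };
destination d_switches { file("/var/log/switches.log"); };

# The known, accepted error: host AND mnemonic must both match, so other
# messages from hostxy and the same error from other hosts are still logged.
filter f_cisco_switches_knownerrors1 {
    host("hostxy")
    and (
        program("ENVIRONMENT-3-RPS_FAILED")      # mnemonic parsed into $PROGRAM
        or message("ENVIRONMENT-3-RPS_FAILED")   # fallback: mnemonic left in $MESSAGE
    );
};

# Negate the known-error filter: everything else passes.
filter f_not_knownerrors { not filter(f_cisco_switches_knownerrors1); };

log {
    source(s_net);
    filter(f_not_knownerrors);
    destination(d_switches);
};
```

Run `syslog-ng --syntax-only` against the merged configuration before reloading, and confirm afterwards that other messages from hostxy still reach the log file.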