[syslog-ng] weird filter problem

Evan Rempel erempel at uvic.ca
Sat May 11 06:51:48 CEST 2013


Wait a second. Version 3.2.x ... really? That's quite old. There was a bug with the .classifier.X tags some time in the past, and it might have been in those old versions. Certainly version 3.3 would be recommended, and all of my work is done with 3.4.x.

My advice may be specific to version 3.4 :-(



Evan Rempel 250.271.7691
University Systems, University of Victoria

Evan Rempel <erempel at uvic.ca> wrote:

This definitely works. I'm using it right now.

If it isn't working, then your pattern in the patterndb is not matching. We literally run millions of messages per hour through this exact filter ... I copied and pasted it from our pattern database.



Evan Rempel   250.271.7691
University Systems, University of Victoria

Russell Fulton <r.fulton at auckland.ac.nz> wrote:


On 11/05/2013, at 2:26 PM, Evan Rempel <erempel at uvic.ca> wrote:

> Try this filter
>
>
> filter f_unknown {
>        tags(".classifier.unknown");
> };
>

This always appears to return true.  I.e. this filter includes everything.  Negating it includes nothing.

I have tried to install 3.2.5 as this is the last version that ELSA is confirmed to work with but that does not start:

Starting syslog-ng
/usr/local/syslog-ng/sbin/syslog-ng: error while loading shared libraries: libsyslog-ng.so.0: cannot open shared object file: No such file or directory

So far as I can tell all the lib files are present and correct and in the same place as the previous version?

I have syslog-ng installed in /usr/local/syslog-ng-<version> and a symlink /usr/local/syslog-ng pointing to the version to use.

Russell

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
