[syslog-ng] exclude pattern from logging
Pál, László
vlad at vlad.hu
Thu Sep 25 11:31:16 CEST 2014
You need both logpath. One is filtering out and other collecting remaining.
Also the order of log statement is important
This is how I filtered out some annoying qemu bug :))
filter f_qemu_bug {match("kernel" value("PROGRAM"));
and match("unable to execute QEMU command \'qom-get\'"
value("MESSAGE"));
};
filter f_variety_bug {match("kernel" value("PROGRAM"));
and match("Failed to set the background" value("MESSAGE"));
};
#get rid of qemu bug
log {
source(s_local);
filter(f_qemu_bug);
flags(final);
};
#get rid of variety bug
log {
source(s_local);
filter(f_variety_bug);
flags(final);
};
#separate firewall log
log {
source(s_local);
filter(f_iptables);
destination(d_firewall);
flags(final);
};
#remaining
log {
source(s_local);
destination(d_messages);
};
Vlad
On 24 September 2014 12:48, fRANz <andrea.francesconi at gmail.com> wrote:
> Hello guys,
> I'm trying to config syslog-ng to ignore and don't log some strings.
> I'm using syslog-ng-3.2.5-4.el6.x86_64 on a CentOS 6.5:
> the config is pretty simple:
>
> # cat /etc/syslog-ng/syslog-ng.conf
> @version:3.2
>
> options { check_hostname(yes);
> keep_hostname(yes);
> stats_freq(0);
> chain_hostnames(no); };
>
> source inputs { internal();
> unix-stream("/dev/log");
> udp();
> tcp(max_connections(100)); };
>
> destination logpile {
> file("/logs/$HOST/$YEAR/$MONTH/$DAY/$FACILITY"
> owner(root) group(root) perm(0600)
> create_dirs(yes) dir_perm(0700)); };
>
> #filter vmware_filter { match("Section for VMware ESX" value ("MESSAGE"));
> };
> #filter vmware_filter { message("Section for VMware ESX"); };
> filter vmware_filter { not message("Section for VMware ESX"); };
>
> #log { source(inputs); filter(vmware_filter); flags(final); };
> #log { source(inputs); destination(logpile); };
> log { source(inputs); filter(vmware_filter); destination(logpile); };
>
> but I cannot find the right key.
> Wha'ts wrong in this config? You can see old configuration applied.
> Thanks for any tip.
> -f
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140925/3b6e8e42/attachment.htm
More information about the syslog-ng
mailing list