[syslog-ng] in-list filter with MESSAGE
Gopi Joshi
gkjoshi at gmail.com
Tue Oct 3 20:10:39 UTC 2017
I am trying to filter messages matching text stored in a txt file (plain
txt , exact match , one word each line). but its not working
filter f_userlist { in-list("/etc/syslog-ng/userlist.list",
value("MESSAGE")); }; ---> NOT WORKING
however it works with value(“PROGRAM”)
filter f_whitelist { in-list("/etc/syslog-ng/programlist.list",
value("PROGRAM")); }; --->WORKING
List ( userlist.list ) is not long and has less than 10 words to match.
anything missing ? or in-list filter doenot work with message contents .
any troubleshooting tips will e helpful.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171003/275c13fe/attachment.html>
More information about the syslog-ng
mailing list