[syslog-ng] in-list filter with MESSAGE

Czanik, Péter peter.czanik at balabit.com
Wed Oct 4 06:54:28 UTC 2017


Here is an example of using the in-list filter together with the patterndb
parser: https://czanik.blogs.balabit.com/2013/09/black-cat-white-cat/
In this case patterndb extracts IP addresses from log messages, which are
checked using the in-list filter.

Bye,

Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik

On Wed, Oct 4, 2017 at 8:14 AM, Fabien Wernli <wernli at in2p3.fr> wrote:

> On Tue, Oct 03, 2017 at 04:10:39PM -0400, Gopi Joshi wrote:
> > I am trying to filter messages matching text stored in a txt file (plain
> > txt, exact match, one word each line), but it's not working
>
> As Péter suggested, you should first extract the username from the MESSAGE,
> for instance using one of the parsers (kv, csv, db, …), and then apply the
> in-list filter to that extracted macro.
>
> Cheers
>
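The parse-then-filter approach suggested in this thread, as an added configuration sketch that is not from the original posts. The file paths, the `kv.` prefix, the `user` key, the `@version` line and the sample log line are assumptions chosen for illustration.

```conf
@version: 3.11

# Constructed sample message this sketch assumes:
#   login failed user=alice src=192.0.2.10
#
# Assumed list file /etc/syslog-ng/users.list, one entry per line:
#   alice
#   bob

source s_local { system(); internal(); };

# Step 1: extract key=value pairs from the message body.
# With prefix("kv."), user=alice becomes the name-value pair kv.user.
parser p_kv { kv-parser(prefix("kv.")); };

# Step 2: compare only the extracted field with the list.
# in-list() is case-sensitive and matches the whole field exactly, so
# value("MESSAGE") would match only when the entire message text is
# identical to one line of the file.
filter f_user_listed {
    in-list("/etc/syslog-ng/users.list", value("kv.user"));
};

destination d_listed_users { file("/var/log/listed-users.log"); };

log {
    source(s_local);
    parser(p_kv);
    filter(f_user_listed);
    destination(d_listed_users);
};
```

Wrapping the filter in `not` turns the same list into an exclusion list.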

