[syslog-ng] in-list for message

Garbacik, Joe Joseph.Garbacik at netapp.com
Wed Apr 11 19:08:44 UTC 2018


Can syslog-ng parse the message field for a partial match using the in-list function? For instance, I am querying DNS logs and want to filter out common domains (i.e. Microsoft.com, Redhat.com).
In my list file I just have the domains, one per line, and in my config file, I have the following:

    filter f_dns_noise_oklist {
        in-list("/etc/syslog-ng/lists.d/dns_noise.list", value("MESSAGE"));
    };

but it doesn’t seem to be working.




