[syslog-ng] Dropping specific messages from Syslog-NG
Fabien Wernli
wernli at in2p3.fr
Fri Apr 5 12:58:37 UTC 2019
Hi,
It seems your setup incorrectly parses the "syslog" messages.
The latest syslog-ng versions have improved Cisco parsing code, so I suggest
you try those first.
In any case, I can see two problems with your filter:
> filter f_trash { match(SNMP-3-RESPONSE_DELAYED value(MSGHDR)); and
>
> match(NTP Receive dropping message value(MSG))};
1. it matches only messages with both "SNMP" and "NTP" strings, which is not
what you seem to want.
2. "SNMP" seems to be in the MSG macro instead, although I can't be sure
3. use quotes in the match() argument
Cheers
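
Added example, not part of the original message: a syslog-ng configuration fragment that applies the three points above (either string matches, both tested against the message body, arguments quoted). The names s_net and d_network, the port, the file path, and the assumption that both strings end up in MESSAGE are illustrative and not taken from the poster's setup.

```conf
# Constructed fragment; s_net, d_network, the port and the path are hypothetical.
source s_net { network(transport("udp") port(514)); };
destination d_network { file("/var/log/network.log"); };

# Point 1: "or" so that either string is enough to match.
# Point 2: both strings tested against MESSAGE (assumed location;
#          check how your version actually parses the Cisco header).
# Point 3: the patterns are quoted.
filter f_trash {
    match("SNMP-3-RESPONSE_DELAYED" value("MESSAGE"))
    or match("NTP Receive dropping message" value("MESSAGE"));
};

# Log path with no destination: messages matching f_trash stop here
# because of flags(final) and are never written anywhere.
log { source(s_net); filter(f_trash); flags(final); };

# Everything else continues to the normal destination.
log { source(s_net); destination(d_network); };
```

The order of the two log paths matters: the dropping path has to come before the one that writes to the destination.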