[syslog-ng] replacing log statements
Sergey
a_s_y at sama.ru
Wed Mar 6 14:01:24 UTC 2019
On Wednesday 06 March 2019, you wrote:
> Could you share your use case, where you wanted to "replace" log blocks?
My use case is reducing /var/log/messages when new software is installed.
This can be implemented through a filter override, but it is not so visual.
For example, a base config:
==
...
filter f_mesgs { level(info) and not facility(mail,authpriv); };
destination mesg { file("/var/log/syslog/messages"); };
log { source(sys); filter(f_mesgs); destination(mesg); };
...
@include "/etc/syslog-ng/conf.d/*.conf"
==
Then I install Cyrus-IMAP, for example.
== conf.d/cyrus-imap.conf ==
...
filter f_cyrus { match("cyrus/"); };
filter f_not_cyrus { not match("cyrus/"); };
...
log { source(sys); filter(f_cyrus); destination(cyrus); };
==
But some Cyrus-IMAP messages satisfy the f_mesgs condition.
I can redefine f_mesgs:
filter f_mesgs { level(info) and not facility(mail,authpriv) and not match("cyrus/"); };
But the log override is more succinct:
log { source(sys); filter(f_mesgs); filter (f_not_cyrus); destination(mesg); };
In this example, the "f_not_cyrus" filter is simple, but such filters can be
more complex. The "f_mesg" filter can be difficult to read as a
result.
--
Regards, Sergey
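
The routing described in the message above, modelled in Python as an added example (not part of the original post and not syslog-ng code). It assumes that match() is tested against "program: text", that level(info) means exactly info, and that every log path is evaluated independently; the sample messages and the local6 facility are constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class Msg:
    facility: str
    level: str
    program: str
    text: str

# Filters from the post, modelled as predicates (assumptions: match() sees
# "program: text"; level(info) matches only the info level).
def f_mesgs(m):
    return m.level == "info" and m.facility not in ("mail", "authpriv")

def f_cyrus(m):
    return re.search(r"cyrus/", f"{m.program}: {m.text}") is not None

def f_not_cyrus(m):
    return not f_cyrus(m)

# Each log path is (filters, destination); all filters must accept.
BASE = [([f_mesgs], "mesg"), ([f_cyrus], "cyrus")]
OVERRIDE = [([f_mesgs, f_not_cyrus], "mesg"), ([f_cyrus], "cyrus")]

def route(m, paths):
    """Return every destination whose log path accepts the message."""
    return [dest for filters, dest in paths if all(f(m) for f in filters)]

# Constructed sample messages
SAMPLES = [
    Msg("local6", "info", "cyrus/imap", "login: user1 plaintext"),
    Msg("daemon", "info", "crond", "job started"),
    Msg("mail", "info", "postfix/smtpd", "connect from unknown"),
]

def duplicates(paths):
    """Programs whose messages are written to more than one destination."""
    return [m.program for m in SAMPLES if len(route(m, paths)) > 1]

if __name__ == "__main__":
    for name, paths in (("base", BASE), ("override", OVERRIDE)):
        for m in SAMPLES:
            print(f"{name:9} {m.program:14} -> {route(m, paths)}")
        print(f"{name:9} duplicated: {duplicates(paths)}")
```

With the base paths the Cyrus message is written to both destinations; with the extra f_not_cyrus filter it reaches only the cyrus destination.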