[syslog-ng] Filtering out messages before any other action
Faine, Mark R. (MSFC-IS40)[NICS]
mark.faine at nasa.gov
Tue Mar 26 13:14:03 UTC 2019
I have the following as the first log path in my configuration; however, my understanding is that this should match any message with the text 'type=traffic' AND any of the listed policyid=## or a message with the text 'action=timeout'. Flags(final) indicates that it should not be further processed by any other log path. However, I'm still seeing messages that should be discarded. Am I doing something wrong?
log {
    if {
        filter { message('type=traffic') };
        filter {
            (
                message('policyid=35 ') or
                message('policyid=37 ') or
                message('policyid=38 ') or
                message('policyid=40_D ') or
                message('policyid=5 ') or
                message('policyid=10 ') or
                message('policyid=12 ') or
                message('policyid=50 ') or
                message('policyid=3 ') or
                message('action=timeout ')
            )
        };
        destination {
            file("/dev/null");
        };
    };
    flags(final);
};
Thanks,
-Mark
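
The filter logic in the configuration above can be checked offline against sample lines. The following is an added example, not part of the original post: it assumes each message('...') is an unanchored regular-expression search on the message text and that the two filters in the if block are ANDed; the function names and sample messages are constructed, and flags(final) is not modelled.

```python
import re

# Patterns copied from the posted configuration, trailing spaces included.
TYPE_PATTERN = "type=traffic"
ALTERNATIVES = [
    "policyid=35 ", "policyid=37 ", "policyid=38 ", "policyid=40_D ",
    "policyid=5 ", "policyid=10 ", "policyid=12 ", "policyid=50 ",
    "policyid=3 ", "action=timeout ",
]


def matched_patterns(message):
    """Return every pattern from the configuration that hits this message."""
    return [p for p in [TYPE_PATTERN] + ALTERNATIVES if re.search(p, message)]


def would_discard(message):
    """Evaluate the if block: first filter AND (any alternative in the second)."""
    if not re.search(TYPE_PATTERN, message):
        return False
    return any(re.search(p, message) for p in ALTERNATIVES)


# Constructed sample messages (hypothetical, not taken from the post).
SAMPLES = {
    "policy_mid_line": "date=2019-03-26 type=traffic policyid=35 action=accept",
    "policy_longer_id": "date=2019-03-26 type=traffic policyid=350 action=accept",
    "timeout_at_end": "date=2019-03-26 type=traffic policyid=99 action=timeout",
    "timeout_not_traffic": "date=2019-03-26 type=event action=timeout msg=x",
    "quoted_values": 'date=2019-03-26 type="traffic" policyid=35 action="accept"',
}


def evaluate_samples():
    """Map each sample name to (would_discard, matched patterns)."""
    return {name: (would_discard(msg), matched_patterns(msg))
            for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, (discard, hits) in evaluate_samples().items():
        print(f"{name:20} discard={discard!s:5} hits={hits}")
```

Replacing the constructed samples with lines that were expected to be discarded shows which of the two filters, if either, fails to match them.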