From sa4.sp-dl at nkn.in  Thu Aug  4 13:15:06 2022
From: sa4.sp-dl at nkn.in (Sachchidanand Upadhyay)
Date: Thu, 4 Aug 2022 18:45:06 +0530 (IST)
Subject: [syslog-ng] drop log lines having keyword "INTERNET"
Message-ID: <828065580.773297.1659618906802@nkn.in>

Hi, 

I want to drop all log lines having keyword "INTERNET", I tried following scenario: 

scenario-1 

filter f_log { facility(local3); }; 
filter f_nointernet { not message("INTERNET"); }; 

log { source(s_sys); filter(f_nointernet); filter(f_log); destination(d_log); }; 

scenario-2 

filter f_internet { message("INTERNET"); }; 
filter f_log { facility(local3); and not filter(f_internet); }; 

log { source(s_sys); filter(f_log); destination(d_log); }; 

scenario-3 

filter f_log { facility(local3); }; 
filter f_internet { message("INTERNET"); }; 
filter f_nointernet { not filter(f_internet); }; 

log { source(s_sys); filter(f_nointernet); filter(f_log); destination(d_log); }; 

But none of them is working. 
Please help. 

Regards, 
Sachchidanand 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20220804/7429746a/attachment.htm>