[syslog-ng] drop log lines having keyword "INTERNET"
Sachchidanand Upadhyay
sa4.sp-dl at nkn.in
Thu Aug 4 13:15:06 UTC 2022
Hi,
I want to drop all log lines having the keyword "INTERNET". I tried the following scenarios:
scenario-1
filter f_log { facility(local3); };
filter f_nointernet { not message("INTERNET"); };
log { source(s_sys); filter(f_nointernet); filter(f_log); destination(d_log); };
scenario-2
filter f_internet { message("INTERNET"); };
filter f_log { facility(local3); and not filter(f_internet); };
log { source(s_sys); filter(f_log); destination(d_log); };
scenario-3
filter f_log { facility(local3); };
filter f_internet { message("INTERNET"); };
filter f_nointernet { not filter(f_internet); };
log { source(s_sys); filter(f_nointernet); filter(f_log); destination(d_log); };
But none of them is working.
Please help.
Regards,
Sachchidanand