Ralph Slooten <axll...@gmail.com> wrote:
On 17 March 2010 13:00, Roy Wright <r...@wright.org> wrote:

I just started with the example at: http://en.gentoo-wiki.com/wiki/Syslog-ng

HTH,
Roy

Thanks Roy, however they have the same syntax which isn't working on my side.

filter f_shorewall { not match("regex" value("Shorewall")); }

I just tried a single rule (to make sure it wasn't my syntax):

filter killVmMessages { not match("regex" value("vmware-checker")); };

yet the "(root) CMD (/root/bin/vmware-checker)" messages still go through?!

log { source(src); source(remote); filter(myfilter); filter(killVmMessages); destination(d_mysql); };

I'm really stumped here. All other filters (non regex) work fine though, such as facility() & host(). Are you able to filter by content?

Ralph

Perhaps you could try this, which is working for me and lets me filter all messages coming from iptables:

# firewall logging
destination iptables { file("/var/log/firewall/iptables.log"); };
filter f_iptables { message("iptables"); };
log { source(s_all); filter(f_iptables); destination(iptables); };

# all messages coming from kern
destination df_kern { file("/var/log/system/kern.log" ); };
filter f_kern { facility(kern) and not filter(f_iptables); };
log { source(s_all); filter(f_kern);destination(df_kern); };

Fred
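
An added example, not part of either message above: in syslog-ng 3.x the first argument of match() is the regular expression and value() names the macro to search, so the filter from the question can be written as below. The source, filter and destination names in the log statement are the ones from the question; killVmMessages_short is a hypothetical name.

```conf
# Added example; not from the thread. Assumes syslog-ng 3.x filter syntax.

# As posted in the question: the pattern is the literal string "regex",
# and value() is given the text to look for instead of a macro name.
# filter killVmMessages { not match("regex" value("vmware-checker")); };

# Pattern first, macro name in value(): pass only messages whose text
# does not contain "vmware-checker".
filter killVmMessages { not match("vmware-checker" value("MESSAGE")); };

# Shorthand for the same test, the form f_iptables uses in the reply.
filter killVmMessages_short { not message("vmware-checker"); };

# Log path from the question, unchanged. Every filter() listed must
# accept a message for it to reach d_mysql.
log {
    source(src); source(remote);
    filter(myfilter); filter(killVmMessages);
    destination(d_mysql);
};
```

Running `syslog-ng --syntax-only` against the edited file checks that it parses before the daemon is reloaded.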