1 |
Hi all, |
2 |
|
3 |
Has anyone here worked out how to filter out syslog messages using syslog-ng |
4 |
v3? The old syntax doesn't work (well complains bitterly about performance |
5 |
and says to use regex), and no matter what I try I cannot get the new syntax |
6 |
to work :-/ I have a syslog-ng server which logs to MySQL for multiple |
7 |
clients in a network, however the database just keeps growing with |
8 |
irrelevant data I'd prefer to just quietly ignore on the server side. |
9 |
|
10 |
I'm trying to filter out (exclude) messages such as: |
11 |
(root) CMD (/root/bin/vmware-checker) |
12 |
and |
13 |
(root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons ) |
14 |
|
15 |
============== |
16 |
filter myfilter { |
17 |
not match("regex" value("\/usr\/sbin\/run-crons")) |
18 |
and not match("regex" value("vmware-checker")); |
19 |
} |
20 |
log { |
21 |
source(src); |
22 |
source(remote); |
23 |
filter(myfilter); |
24 |
destination(d_mysql); |
25 |
}; |
26 |
=============== |
27 |
|
28 |
However they just keep coming through the filter (ie: not matching the "not |
29 |
match" filter). I've tried escaping the slashes, not escaping them ... even |
30 |
partial words, but I obviously am missing something somewhere. |
31 |
|
32 |
Anyone have any ideas? |
33 |
|
34 |
Thanks in advance, |
35 |
Ralph |