| 1 |
Hi all, |
| 2 |
|
| 3 |
Has anyone here worked out how to filter out syslog messages using syslog-ng |
| 4 |
v3? The old syntax doesn't work (well complains bitterly about performance |
| 5 |
and says to use regex), and no matter what I try I cannot get the new syntax |
| 6 |
to work :-/ I have a syslog-ng server which logs to MySQL for multiple |
| 7 |
clients in a network, however the database just keeps growing with |
| 8 |
irrelevant data I'd prefer to just quietly ignore on the server side. |
| 9 |
|
| 10 |
I'm trying to filter out (exclude) messages such as: |
| 11 |
(root) CMD (/root/bin/vmware-checker) |
| 12 |
and |
| 13 |
(root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons ) |
| 14 |
|
| 15 |
============== |
| 16 |
filter myfilter { |
| 17 |
not match("regex" value("\/usr\/sbin\/run-crons")) |
| 18 |
and not match("regex" value("vmware-checker")); |
| 19 |
} |
| 20 |
log { |
| 21 |
source(src); |
| 22 |
source(remote); |
| 23 |
filter(myfilter); |
| 24 |
destination(d_mysql); |
| 25 |
}; |
| 26 |
=============== |
| 27 |
|
| 28 |
However they just keep coming through the filter (ie: not matching the "not |
| 29 |
match" filter). I've tried escaping the slashes, not escaping them ... even |
| 30 |
partial words, but I obviously am missing something somewhere. |
| 31 |
|
| 32 |
Anyone have any ideas? |
| 33 |
|
| 34 |
Thanks in advance, |
| 35 |
Ralph |
Archives