On 17 March 2010 13:00, Roy Wright <roy@××××××.org> wrote:
>
> I just started with the example at:
> http://en.gentoo-wiki.com/wiki/Syslog-ng
>
> HTH,
> Roy
|
Thanks Roy, however they have the same syntax which isn't working on my
side.
|
filter f_shorewall { not match("regex" value("Shorewall")); }

I just tried a single rule (to make sure it wasn't my syntax):
|
filter killVmMessages {
  not match("regex" value("vmware-checker"));
};
|
yet the "(root) CMD (/root/bin/vmware-checker)" messages still go through?!
|
log {
  source(src);
  source(remote);
  filter(myfilter);
  filter(killVmMessages);
  destination(d_mysql);
};
|
I'm really stumped here. All other filters (non regex) work fine though,
such as facility() & host().
|
Are you able to filter by content?
|
Ralph |