| 1 |
Help me understand this, please? I have ISC dhcpd configured to log to |
| 2 |
syslog.local7 (since I don't see an option to force it into it's own log |
| 3 |
file). So I went into my syslog-ng file and created two filters, just |
| 4 |
like on the example page of syslog-ng.com: |
| 5 |
|
| 6 |
filter dhcpmsgs { facility(23) ); |
| 7 |
filter non_dhcp { NOT filter(dhcpmsgs) ) |
| 8 |
|
| 9 |
I quoted almost directly from the example page on syslog-ng.com, but I |
| 10 |
keep getting this error when I reload syslog-ng's config: |
| 11 |
Error parsing filter expression, filter plugin NOT not found OR you may |
| 12 |
not used double quotes in your filter expression in |
| 13 |
/etc/syslog-ng/syslog-ng.conf:25:18-25:21: |
| 14 |
|
| 15 |
What did I do wrong? Here's the lines I modified from the syslog-ng page: |
| 16 |
filter demo_filter { host("example") and match("deny" value("MESSAGE")) }; |
| 17 |
filter inverted_demo_filter { NOT filter(demo_filter) } |
| 18 |
|
| 19 |
You can see the page at: |
| 20 |
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/53 |
| 21 |
|
| 22 |
|
| 23 |
-- |
| 24 |
Dan Egli |
| 25 |
From my Test Server |
Archives