| 1 |
That's right, the value() parameter specifies which part of the message to |
| 2 |
check. This helps to cut down the performance cost of filtering, because there |
| 3 |
is no need to process the entire message if you are filtering on the program |
| 4 |
name, for example. |
| 5 |
|
| 6 |
Also, check the syslog-ng Administrator Guide |
| 7 |
(http://www.balabit.com/support/documentation/?product=syslog-ng&type=all&language[en]=en&) |
| 8 |
if you run into problems. And let me know if you do not find something that |
| 9 |
should be in the guide so I can add it some time. |
| 10 |
|
| 11 |
Regards, |
| 12 |
|
| 13 |
Robert Fekete |
| 14 |
maintainer of the syslog-ng documentation |
| 15 |
|
Archives