syslog-ng - don't log specific entries

 
# 1  
Old 06-15-2011
syslog-ng - don't log specific entries

Hi @ all,

I've a short question, perhaps somebody could help me ...

How can I configure syslog-ng either not to log specific entries in messages or write them into another file ...

Here's my extract from syslog-ng.conf:
Code:
...
filter f_imap      { match(imap); };
...
destination imap { file("/var/log/imap"); };
log { source(src); filter(f_imap); destination(imap); };
...

I don't want to log such entries with imap in them,
e.g.:
Code:
...
Jun 15 09:47:53 host imap[9797]: accepted connection
Jun 15 09:47:53 host imap[9797]: login: host.domain.com [127.0.0.2] imap_user PLAIN User logged in
Jun 15 09:47:53 host imap[9797]: open: user imap_user opened user....

but this doesn't work ... where's my mistake?

Thanks for help.
Regards,
Michael
# 2  
Old 06-15-2011
Version? http://www.balabit.com/sites/default...tml#filterfunc

Match a regular expression to the headers and the message itself (i.e., the values returned by the MSGHDR and MSG macros). Note that in syslog-ng version 2.1 and earlier, the match() filter was applied only to the text of the message, excluding the headers. This functionality has been moved to the message() filter. To limit the scope of the match to a specific part of the message (identified with a macro), use the match(regexp value("MACRO")) syntax. Do not include the $ sign in the parameter of the value() option.

Last edited by DGPickett; 06-15-2011 at 05:07 PM..
# 3  
Old 06-16-2011
solved

Hi,
I solved it this way:

I added the red highlighted text in the syslog-ng.conf at the filter for "messages" and, together with the entry that messages with imap should go in another logfile, it works:


Code:
...
filter f_messages   { not facility(news, mail) and not filter(f_iptables) and not filter(f_imap); };
...
filter f_imap      { match(imap); };
...
destination imap { file("/var/log/imap"); };
log { source(src); filter(f_imap); destination(imap); };

# 4  
Old 06-16-2011
Where is f_messages used?
# 5  
Old 06-16-2011
in /etc/syslog-ng/syslog-ng.conf ...
there's a line with " filter f_messages ... "
# 6  
Old 06-16-2011
That's the declaration, I meant the use in a log clause.
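
The routing discussed in posts #3 to #6, written out with the log statement that actually applies f_messages. This is an added example, not configuration posted by anyone in the thread; it assumes that the source src, the filter f_iptables and a messages destination exist as in a stock SuSE syslog-ng.conf, and it matches on the program name instead of the bare match(imap) so that only the imap daemon's lines are diverted.

```conf
# Added example. "src" and "f_iptables" are referenced in the thread but
# their definitions are not shown there; they are assumed to be defined
# elsewhere in /etc/syslog-ng/syslog-ng.conf.

# Select by program name. A bare match(imap) is a substring test whose
# scope depends on the syslog-ng version (message text only in 2.1 and
# earlier, headers and message text later), so it can also catch lines
# from other programs that merely mention "imap", e.g. a user name such
# as imap_user.
filter f_imap     { program("^imap$"); };

# Scoped form described in the documentation quoted in post #2
# (newer versions only, no "$" in the value() argument):
# filter f_imap   { match("^imap$" value("PROGRAM")); };

# Everything that is not news/mail, not iptables and not imap.
filter f_messages { not facility(news, mail)
                    and not filter(f_iptables)
                    and not filter(f_imap); };

destination imap     { file("/var/log/imap"); };
# Assumed destination name and path for the general log.
destination messages { file("/var/log/messages"); };

# A filter declaration does nothing until a log statement references it.
# imap lines go to /var/log/imap ...
log { source(src); filter(f_imap);     destination(imap); };
# ... and are kept out of /var/log/messages because this log statement
# applies f_messages, which contains "not filter(f_imap)".
log { source(src); filter(f_messages); destination(messages); };
```

After reloading syslog-ng, `grep -c ' imap\[' /var/log/messages` should stop increasing while /var/log/imap keeps growing; if it does not, check which log statement writes to the messages file and which filter it references.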