On 17 March 2010 13:00, Roy Wright <r...@wright.org> wrote:
>
> I just started with the example at:
> http://en.gentoo-wiki.com/wiki/Syslog-ng
>
> HTH,
> Roy
Thanks Roy, however they have the same syntax which isn't working on my
side.
filter f_shorewall { not match("regex" value("Shorewall")); }
I just tried a single rule (to make sure it wasn't my syntax):
filter killVmMessages {
not match("regex" value("vmware-checker"));
};
yet the "(root) CMD (/root/bin/vmware-checker)" messages still go through?!
log {
source(src);
source(remote);
filter(myfilter);
filter(killVmMessages);
destination(d_mysql);
};
I'm really stumped here. All other filters (non regex) works fine though,
such as facility() & host().
Are you able to filter by content?
Ralph
