syslog-ng - don't log specific entries

Hi @ all,

I've a short question, perhaps somebody could help me ...

How can I configure syslog-ng either not to log specific entries in messages or write them into another file ...

Here's my extract from syslog-ng.conf:

...
filter f_imap      { match(imap); };
...
destination imap { file("/var/log/imap"); };
log { source(src); filter(f_imap); destination(imap); };
...

I want to not log such entries with imap in it,
e.g.:

...
Jun 15 09:47:53 host imap[9797]: accepted connection
Jun 15 09:47:53 host imap[9797]: login: host.domain.com [127.0.0.2] imap_user PLAIN User logged in
Jun 15 09:47:53 host imap[9797]: open: user imap_user opened user....

but this doesn't work ... where's my mistake?

Thanks for help.
Regards,
Michael

Version? One Identity | Unified Identity Security

Match a regular expression to the headers and the message itself (i.e., the values returned by the MSGHDR and MSG macros). Note that in syslog-ng version 2.1 and earlier, the match() filter was applied only to the text of the message, excluding the headers. This functionality has been moved to the message() filter. To limit the scope of the match to a specific part of the message (identified with a macro), use the match(regexp value("MACRO")) syntax. Do not include the $ sign in the parameter of the value() option.

Hi,
I solved it this way:

I added the red highlighted text in the syslog-ng.conf at the filter for "messages" and together with the entry that messages with imap should go in another logfile, it works;

...
filter f_messages   { not facility(news, mail) and not filter(f_iptables) and not filter(f_imap); };
...
filter f_imap      { match(imap); };
...
destination imap { file("/var/log/imap"); };
log { source(src); filter(f_imap); destination(imap); };

Where is f_messages used?

in /etc/syslog-ng/syslog-ng.conf ...
there's a line with " filter f_messages ... "

That's the declaration, I meant the use in a log clause.
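
The pieces discussed in this thread, put together as an added example (not written by any of the posters, and not taken from a distribution's shipped configuration): the filter is scoped to the program field with the `match(regexp value("MACRO"))` syntax quoted above, and `f_messages` is both declared and used in a log clause. The source `src`, the filter names and `/var/log/imap` come from the posts; the `messages` destination and its path are assumptions, and the `value()` option requires a syslog-ng version that supports the quoted syntax.

```conf
# Fragment of syslog-ng.conf; source "src" is assumed to be defined earlier
# in the same file, as in the poster's configuration.

# Match only the program name, not the whole line. In the sample entries
# "imap" is the program field; the first entry ("accepted connection")
# does not contain it anywhere in the message text.
filter f_imap { match("^imap$" value("PROGRAM")); };

# Everything that is not news/mail and does not come from imap.
# The poster's version also has "not filter(f_iptables)", which is
# defined elsewhere in their file and left out here.
filter f_messages { not facility(news, mail) and not filter(f_imap); };

destination imap     { file("/var/log/imap"); };
destination messages { file("/var/log/messages"); };   # assumed name and path

# imap entries go to their own file ...
log { source(src); filter(f_imap); destination(imap); };

# ... and stay out of the general log. Declaring f_messages is not enough:
# the exclusion takes effect only because the filter is referenced here.
log { source(src); filter(f_messages); destination(messages); };
```

After a reload, a new imap login should show up in `/var/log/imap` and not in the file written by the second log clause.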