<div>Hi all,</div><div><br></div>Has anyone here worked out how to filter out syslog messages using syslog-ng v3? The old syntax doesn&#39;t work (well, it complains bitterly about performance and says to use regex), and no matter what I try I cannot get the new syntax to work :-/ I have a syslog-ng server which logs to MySQL for multiple clients in a network; however, the database just keeps growing with irrelevant data I&#39;d prefer to just quietly ignore on the server side. <div>
<br>I&#39;m trying to filter out (exclude) messages such as:<br>  (root) CMD (/root/bin/vmware-checker)<br>and<br>  (root) CMD (test -x /usr/sbin/run-crons &amp;&amp; /usr/sbin/run-crons )<br><br>==============<br>filter myfilter {<br>
        not match(&quot;regex&quot; value(&quot;\/usr\/sbin\/run-crons&quot;))<br>        and not match(&quot;regex&quot; value(&quot;vmware-checker&quot;));<br>}<br>log {<br>        source(src);<br>        source(remote);<br>
        filter(myfilter);<br>        destination(d_mysql);<br>};<br>===============</div><div><br>However, they just keep coming through the filter (i.e. not matching the &quot;not match&quot; filter). I&#39;ve tried escaping the slashes, not escaping them ... even partial words, but I obviously am missing something somewhere.</div>
<div><br>Anyone have any ideas?</div><div><br></div><div>Thanks in advance,</div><div>Ralph</div>