On 17 March 2010 13:00, Roy Wright <roy@wright.org> wrote:
>
> I just started with the example at:
> http://en.gentoo-wiki.com/wiki/Syslog-ng
>
> HTH,
> Roy

Thanks Roy, however they have the same syntax which isn't working on my side.

filter f_shorewall { not match("regex" value("Shorewall")); }

I just tried a single rule (to make sure it wasn't my syntax):

filter killVmMessages { not match("regex" value("vmware-checker")); };

yet the "(root) CMD (/root/bin/vmware-checker)" messages still go through?!

log { source(src); source(remote); filter(myfilter); filter(killVmMessages); destination(d_mysql); };

I'm really stumped here. All other filters (non regex) work fine though, such as facility() & host().

Are you able to filter by content?

Ralph
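
Added example, not part of the original message or of the wiki page it cites: the two content filters with the arguments in the order syslog-ng 3.x expects, where the first argument of match() is the regular expression and value() names the message field to search. The syslog-ng version is an assumption (the post does not state it); src, remote, myfilter and d_mysql are the poster's own names.

```conf
# Added example; assumes syslog-ng 3.x match() semantics.
# match(<regular expression> value("<FIELD>")): the pattern comes first,
# value() selects the field (macro) to search, e.g. MESSAGE or PROGRAM.

# As posted: the pattern is the literal string "regex" and the field name is
# "vmware-checker". A field by that name is not expected to exist, so match()
# finds nothing and "not match()" lets every message through.
# filter killVmMessages { not match("regex" value("vmware-checker")); };

# Corrected order: search the message text for the string to be dropped.
filter killVmMessages { not match("vmware-checker" value("MESSAGE")); };
filter f_shorewall    { not match("Shorewall" value("MESSAGE")); };

# Log path from the post, unchanged apart from layout. Filters listed in one
# log statement are ANDed, so a message must pass both to reach d_mysql.
log {
    source(src); source(remote);
    filter(myfilter); filter(killVmMessages);
    destination(d_mysql);
};
```

Running `syslog-ng --syntax-only` against the edited configuration checks that it parses before the daemon is reloaded.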