On 17 March 2010 13:00, Roy Wright <roy@wright.org> wrote:
>
> I just started with the example at:
> http://en.gentoo-wiki.com/wiki/Syslog-ng
>
> HTH,
> Roy
Thanks Roy, however they have the same syntax which isn't working on my side.
filter f_shorewall { not match("regex" value("Shorewall")); }
I just tried a single rule (to make sure it wasn't my syntax):
filter killVmMessages {
    not match("regex" value("vmware-checker"));
};
yet the "(root) CMD (/root/bin/vmware-checker)" messages still go through?!
log {
    source(src);
    source(remote);
    filter(myfilter);
    filter(killVmMessages);
    destination(d_mysql);
};
I'm really stumped here. All other filters (non regex) work fine though, such as facility() & host().
Are you able to filter by content?
Ralph
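
Added example, not part of the original message or of the wiki page it refers to: the filter from the post next to a form that filters on message content, assuming syslog-ng 3.x, where match() takes the pattern first and value() names the message field to search. The names src, remote, myfilter and d_mysql are taken from the post and assumed to be defined elsewhere; killVmMessagesAlt is a hypothetical name.

```conf
# Added example; assumes syslog-ng 3.x filter syntax.
# src, remote, myfilter and d_mysql are the names used in the post and are
# assumed to be defined elsewhere in syslog-ng.conf.

# As posted: the first argument is the pattern, so this searches for the
# literal text "regex" in a value named "vmware-checker". A value of that
# name is normally unset, so the match is false and the negation lets
# every message through.
#filter killVmMessages {
#    not match("regex" value("vmware-checker"));
#};

# Pattern first, then the field to search. MESSAGE is the message text,
# which is where "(root) CMD (/root/bin/vmware-checker)" appears.
filter killVmMessages {
    not match("vmware-checker" value("MESSAGE"));
};

# Same effect, using the filter function dedicated to the message text.
# killVmMessagesAlt is a hypothetical name for this example.
filter killVmMessagesAlt {
    not message("vmware-checker");
};

log {
    source(src);
    source(remote);
    filter(myfilter);
    filter(killVmMessages);
    destination(d_mysql);
};
```

Both the posted and the rewritten filter are syntactically valid, so a syntax check will not tell them apart; confirm the drop by sending a test line containing the pattern and checking the destination.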