Ralph Slooten wrote:
> On 17 March 2010 13:00, Roy Wright wrote:
>>
>> I just started with the example at:
>> http://en.gentoo-wiki.com/wiki/Syslog-ng
>>
>> HTH,
>> Roy
>
> Thanks Roy, however they have the same syntax which isn't working on my
> side.
>
> filter f_shorewall { not match("regex" value("Shorewall")); }
>
>
> I just tried a single rule (to make sure it wasn't my syntax):
>
> filter killVmMessages {
>     not match("regex" value("vmware-checker"));
> };
>
> yet the "(root) CMD (/root/bin/vmware-checker)" messages still go through?!
>
> log {
>     source(src);
>     source(remote);
>     filter(myfilter);
>     filter(killVmMessages);
>     destination(d_mysql);
> };
>
> I'm really stumped here. All other filters (non regex) work fine though,
> such as facility() & host().
>
> Are you able to filter by content?
>
> Ralph
>

Perhaps you could try this, which is working for me and lets me filter all
messages coming from iptables:

# firewall logging
destination iptables { file("/var/log/firewall/iptables.log"); };
filter f_iptables { message("iptables"); };
log { source(s_all); filter(f_iptables); destination(iptables); };

# all messages coming from kern
destination df_kern { file("/var/log/system/kern.log"); };
filter f_kern { facility(kern) and not filter(f_iptables); };
log { source(s_all); filter(f_kern); destination(df_kern); };

Fred
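
Added example, not part of the thread and not the posters' own configuration: in syslog-ng 3.x, match() takes the regular expression as its first argument and value() names the message field to search, so the content filter discussed above can be written as below. The filter names f_vmware_checker and f_drop_vmware_checker are assumptions; src, remote, myfilter and d_mysql are taken from the quoted log statement.

```conf
# Added example (assumes syslog-ng 3.x filter syntax).

# Form quoted in the thread, kept here only for comparison:
#   filter killVmMessages { not match("regex" value("vmware-checker")); };
# The first argument is the pattern, so this searches for the literal text
# "regex" in a field named "vmware-checker". No message carries such a
# field, match() is never true, and "not match(...)" passes every message.

# Pattern first, then the field to search. MESSAGE is the message text,
# which is where "(root) CMD (/root/bin/vmware-checker)" appears.
filter f_vmware_checker {
    match("vmware-checker" value("MESSAGE"));
};

# Negate in a separate filter so the positive match can be tested on its own
# (for example by routing it to a scratch file first).
filter f_drop_vmware_checker {
    not filter(f_vmware_checker);
};

# message() is shorthand for matching against the message text, as in the
# f_iptables filter of the reply above.
filter f_shorewall {
    message("Shorewall");
};

log {
    source(src);
    source(remote);
    filter(myfilter);               # existing filter from the quoted config
    filter(f_drop_vmware_checker);  # drops only the vmware-checker cron lines
    destination(d_mysql);
};
```

A filter whose pattern never matches fails open when negated, so check the positive filter against a known sample line before relying on the exclusion to keep noise out of the database.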