To: gentoo-user@lists.gentoo.org
From: Robert Fekete
Subject: [gentoo-user] Re: syslog-ng filtering
Date: Wed, 17 Mar 2010 11:12:26 +0000 (UTC)

That's right, the value() parameter specifies which part of the message to check. This helps to cut down the performance cost of filtering, because there is no need to process the entire message if you are filtering on the program name, for example.

Also, check the syslog-ng Administrator Guide (http://www.balabit.com/support/documentation/?product=syslog-ng&type=all&language[en]=en&) if you run into problems. And let me know if you do not find something that should be in the guide so I can add it some time.

Regards,
Robert Fekete
maintainer of the syslog-ng documentation
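
A configuration sketch of the value() scoping described in the message above, added here as an example and not taken from the post or from the syslog-ng guide. The object names (s_local, f_sshd_prog, f_fail_msg, d_sshd_fail), the patterns and the log file path are assumptions chosen for illustration.

```conf
@version: 3.0

# Example only: names, patterns and paths below are assumptions.

# Local messages plus syslog-ng's own internal messages.
source s_local {
    unix-stream("/dev/log");
    internal();
};

# Scoped to the PROGRAM field: only the program name is tested,
# so text in the message body cannot satisfy this filter and the
# body is never scanned for it.
filter f_sshd_prog {
    match("^sshd$" value("PROGRAM"));
};

# Scoped to the MESSAGE field: only the message text is tested,
# not the host or program name.
filter f_fail_msg {
    match("Failed password" value("MESSAGE"));
};

destination d_sshd_fail {
    file("/var/log/sshd-failures.log");
};

# The cheap program-name test runs first; the message-text test is
# only evaluated for messages that already passed it.
log {
    source(s_local);
    filter(f_sshd_prog);
    filter(f_fail_msg);
    destination(d_sshd_fail);
};
```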