Difference between revisions of "Talk:Syslog-ng"

From ArchWiki
m (Created page with "after the example syslog-ng.conf, and aside from the timestamps and remote loghost tips, most of this article has been adapted from the gentoo wiki page for syslog-ng.conf .. FYI...")
 
(Is match() example right?: new section)
Line 4: Line 4:
  
 
[[User:AskApache|AskApache]] 22:19, 14 September 2010 (EDT)
 
[[User:AskApache|AskApache]] 22:19, 14 September 2010 (EDT)
 +
 +
== Is match() example right? ==
 +
 +
The example:
 +
  filter f_failed { match("regex" value("failed")); };
 +
is in my opinion bad.
 +
 +
List of supported values in value() should be: "HOST", "HOST_FROM",  "MESSAGE", "PROGRAM", "PID", "MSGID" and "SOURCE".
 +
 +
More info: https://lists.balabit.hu/pipermail/syslog-ng/2009-April/012789.html
 +
 +
Better example could be:
 +
 +
  filter f_grsecurity { match("^grsec" value("MESSAGE")); };
 +
''This is real/working example from my syslog-ng config.''
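Review bot: the added section ends on the italic line with no signature or timestamp, unlike the AskApache comment just above it; sign it with ~~~~ so the thread stays attributable. The text also calls the f_failed example bad without stating the reason its own list implies: "failed" is given as the value() name, where one of the listed names such as "MESSAGE" is expected, and "regex" sits where the pattern goes. One sentence saying so would make the objection self-contained.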

Revision as of 21:39, 8 February 2011

After the example syslog-ng.conf, and aside from the timestamps and remote loghost tips, most of this article has been adapted from the Gentoo wiki page for syslog-ng.conf. FYI

So yes, it needs updating for Arch, please.

AskApache 22:19, 14 September 2010 (EDT)

Is match() example right?

The example:

 filter f_failed { match("regex" value("failed")); };

is in my opinion bad.

List of supported values in value() should be: "HOST", "HOST_FROM", "MESSAGE", "PROGRAM", "PID", "MSGID" and "SOURCE".

More info: https://lists.balabit.hu/pipermail/syslog-ng/2009-April/012789.html

A better example could be:

 filter f_grsecurity { match("^grsec" value("MESSAGE")); };

This is a real/working example from my syslog-ng config.
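
A check that applies the point made in the comment above, as an added example that is not part of the original comment or of syslog-ng itself: it scans configuration text for match() filters whose value() name is outside the list quoted above. The regex-based parsing, the function name lint_match_filters and the sample filters other than f_failed and f_grsecurity are assumptions made for illustration.

```python
import re

# Names the comment above lists as supported by value().
# Assumption: the list is taken from this talk page as-is; other syslog-ng
# versions may accept more names.
SUPPORTED = {"HOST", "HOST_FROM", "MESSAGE", "PROGRAM", "PID", "MSGID", "SOURCE"}

# filter <name> { ... };
FILTER_RE = re.compile(r'filter\s+(\w+)\s*\{(.*?)\}\s*;', re.S)
# match("<pattern>" value("<name>"))
MATCH_RE = re.compile(r'match\(\s*"((?:[^"\\]|\\.)*)"\s*value\(\s*"([^"]*)"\s*\)')


def lint_match_filters(conf_text):
    """Return (filter, pattern, value_name, hint) for every match() whose
    value() name is not in SUPPORTED. hint is the upper-cased name when that
    would be a listed one, otherwise None."""
    # Drop whole-line comments so commented-out filters are not reported.
    body = "\n".join(
        line for line in conf_text.splitlines()
        if not line.lstrip().startswith("#")
    )
    findings = []
    for name, block in FILTER_RE.findall(body):
        for pattern, field in MATCH_RE.findall(block):
            if field in SUPPORTED:
                continue
            hint = field.upper() if field.upper() in SUPPORTED else None
            findings.append((name, pattern, field, hint))
    return findings


# Constructed sample: f_failed and f_grsecurity are the filters quoted above,
# the other two are made up to exercise the hint and the comment handling.
SAMPLE_CONF = r'''
filter f_failed { match("regex" value("failed")); };
filter f_sshd { match("^sshd$" value("program")); };
filter f_grsecurity { match("^grsec" value("MESSAGE")); };
# filter f_old { match("x" value("bogus")); };
'''

if __name__ == "__main__":
    for name, pattern, field, hint in lint_match_filters(SAMPLE_CONF):
        note = f' (did you mean "{hint}"?)' if hint else ""
        print(f'{name}: value("{field}") is not a listed name{note}')
```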