Difference between revisions of "Talk:Syslog-ng"

From ArchWiki
(Is match() example right?: new section)
(Is match() example right?)
Line 19: Line 19:
 
   filter f_grsecurity { match("^grsec" value("MESSAGE")); };
 
   filter f_grsecurity { match("^grsec" value("MESSAGE")); };
 
''This is real/working example from my syslog-ng config.''
 
''This is real/working example from my syslog-ng config.''
 +
 +
[[User:Tojaj|Tojaj]] 16:39, 8 February 2011 (EST)

Revision as of 21:39, 8 February 2011

After the example syslog-ng.conf, and aside from the timestamps and remote loghost tips, most of this article has been adapted from the Gentoo wiki page for syslog-ng.conf. FYI.

So yes, it needs updating for Arch, please.

AskApache 22:19, 14 September 2010 (EDT)

Is match() example right?

The example:

 filter f_failed { match("regex" value("failed")); };

is in my opinion bad.

List of supported values in value() should be: "HOST", "HOST_FROM", "MESSAGE", "PROGRAM", "PID", "MSGID" and "SOURCE".

More info: https://lists.balabit.hu/pipermail/syslog-ng/2009-April/012789.html

A better example could be:

 filter f_grsecurity { match("^grsec" value("MESSAGE")); };

This is a real/working example from my syslog-ng config.

Tojaj 16:39, 8 February 2011 (EST)
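
The check discussed above, as an added example that is not part of the original comments or of syslog-ng itself: a small Python script that scans filter definitions for match() calls whose value() name is not in the list given in the post. The accepted set is taken from that post and treated as an assumption; the function name check_match_filters and the sample configuration are constructed for illustration.

```python
import re

# Names listed in the post above; treated as the accepted set (assumption).
KNOWN_VALUES = {"HOST", "HOST_FROM", "MESSAGE", "PROGRAM", "PID", "MSGID", "SOURCE"}

STRING = r'"((?:[^"\\]|\\.)*)"'
# Keep quoted strings, drop '#' comments (a '#' inside a string is preserved).
COMMENT_RE = re.compile(r'("(?:[^"\\]|\\.)*")|#[^\n]*')
# filter <name> { <body> };  -- flat bodies only, no nested braces
FILTER_RE = re.compile(r'\bfilter\s+([\w.-]+)\s*\{(.*?)\}\s*;', re.S)
# match("<regex>" value("<name>"))
MATCH_RE = re.compile(r'\bmatch\s*\(\s*' + STRING + r'\s*value\s*\(\s*' + STRING + r'\s*\)')


def check_match_filters(conf):
    """Return (filter, regex, value_name, hint) for each match() whose
    value() name is not in KNOWN_VALUES."""
    conf = COMMENT_RE.sub(lambda m: m.group(1) or "", conf)
    findings = []
    for fname, body in FILTER_RE.findall(conf):
        for regex, vname in MATCH_RE.findall(body):
            if vname in KNOWN_VALUES:
                continue
            # A name that differs only in case is most likely a typo.
            hint = vname.upper() if vname.upper() in KNOWN_VALUES else None
            findings.append((fname, regex, vname, hint))
    return findings


# Constructed sample input built around the two filters quoted in the post.
SAMPLE_CONF = r'''
# filter f_old { match("x" value("nope")); };   (commented out, ignored)
filter f_failed { match("regex" value("failed")); };
filter f_grsecurity { match("^grsec" value("MESSAGE")); };
filter f_sshd { program("sshd") and match("Failed password" value("message")); };
'''

if __name__ == "__main__":
    for fname, regex, vname, hint in check_match_filters(SAMPLE_CONF):
        note = f' (did you mean "{hint}"?)' if hint else ""
        print(f'{fname}: match("{regex}") uses value("{vname}"){note}')
```

A configuration that defines its own name-value pairs (for example through parsers) would need those names added to KNOWN_VALUES before running the check.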