0

I manage logs FreeBSD 13.2 via syslog-ng. The current syslog-ng config has some lines to send data to a remote server (Debian 10 - 192.168.0.2:3000).

destination lc_net { tcp("192.168.0.2" port(3000) log_fifo_size(1000)); };

filter f_ntpd { not match("ntpd." value(MESSAGE)); };

log { source(src);
         if {
                 filter(f_devd);
                 filter(f_ntpd);
         }
          else {
                 destination(lc_net);
         };
};

So I try to filter that kind of message:

Nov 28 13:47:23 host-example-fbsd kernel: ntpd.

But after reboot I always see this logline on the remote server.

I'm positive I have the wrong config, or I have a typo...

I bought the syslog-ng manual from here: syslog-ng OSE 3.16 - Filters.

My filters section:

#
# program filters
#
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
filter f_devd { program("devd"); };
Improve this question

1 Answer 1

Reset to default
0

Does the f_devd filter also match the message? Both filters should match, otherwise the else branch is used.

Improve this answer
3
  • The f_devd filter doesn't work too.
    – Ilya Shmadchenko
    Commented Nov 29, 2023 at 9:34
  • I've added my filters section to the question.
    – Ilya Shmadchenko
    Commented Nov 29, 2023 at 9:41
  • Try something like this in your if branch: filter { filter(f_devd) or filter(f_ntpd) }; Simply listing the two filter expressions implies that both should match.
    – Robert Fekete
    Commented Nov 30, 2023 at 10:18

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .