#1 2008-03-19 21:27:34

hanman
Member
Registered: 2007-05-16
Posts: 22

syslog-ng filter problem

i'm having trouble getting my syslog-ng messages filtered into the logs i want.  here's the section of my syslog-ng.conf file:

source UDP { udp(); };

destination VoIP { file("/var/log/VoIP.log"); };
destination trapeze { file("/var/log/trapeze.log"); };
destination svp { file("/var/log/svp.log"); };

filter f_VoIP { match(".*0090.7a.*"); };
filter f_svp { match(".*svpii.*"); };

log { source(UDP); filter(f_VoIP); destination(VoIP); };
log { source(UDP); destination(trapeze); };
log { source(UDP); filter(f_svp); destination(svp); };

i have some voip equipment on the network reporting to my syslog-ng server, but it's all going into the /var/log/trapeze.log file.  naturally, this makes reading more difficult.  however, my filters seem to be doing nothing, because everything is still going into the trapeze.log.  am i missing something?

thanks for your help.

EDIT: also, is there a way to timestamp each entry with the server's time, regardless of what the client says?

the svp.log filter seems to be working as it should, but the VoIP.log is still not working.

EDIT2:  well, i gave up on the regexp and just did it by ip address. 

i would still like to know how to get the syslog server to timestamp each entry rather than letting the client do it.

Last edited by hanman (2008-03-20 19:29:45)
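The behaviour described in the post, as an added example that is not part of the original thread: syslog-ng evaluates every log statement independently, so a statement with no filter receives all messages from its source. The configuration below reuses the poster's paths and patterns and assumes a syslog-ng version that supports flags(final), flags(fallback) and the keep_timestamp() global option.

```conf
# Added example, not the poster's configuration. Destination paths and
# filter patterns are copied from the post; the rest is an assumption
# about the installed syslog-ng version.

options {
    # Stamp each message with the time this server received it,
    # ignoring the timestamp supplied by the client.
    keep_timestamp(no);
};

source UDP { udp(); };

destination VoIP    { file("/var/log/VoIP.log"); };
destination trapeze { file("/var/log/trapeze.log"); };
destination svp     { file("/var/log/svp.log"); };

# match() is a regular-expression search, so the leading and trailing
# ".*" from the original filters are not needed.
filter f_VoIP { match("0090.7a"); };
filter f_svp  { match("svpii"); };

# As posted: this statement has no filter, so it copies every UDP
# message into trapeze.log regardless of the other two statements.
#   log { source(UDP); destination(trapeze); };

# Corrected: flags(final) stops further processing of a message once it
# has matched, so the catch-all placed last only sees what is left over.
log { source(UDP); filter(f_VoIP); destination(VoIP); flags(final); };
log { source(UDP); filter(f_svp);  destination(svp);  flags(final); };
log { source(UDP); destination(trapeze); };

# Order-independent alternative for the catch-all: flags(fallback) makes
# the statement take only messages no other log statement matched.
#   log { source(UDP); destination(trapeze); flags(fallback); };
```

Running `syslog-ng -s` (syntax check only) against the edited file before reloading catches typing mistakes without interrupting log collection.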
