An optional component of syslog-ng configuration is filter creation. Filters select log entries from the defined sources, typically so that the selected entries can be sent to different destinations.
| Example 7.1. Selecting log messages from Postfix using filter |
|---|
| The following is a trivial filter to select log messages coming from Postfix: filter f_postfix { program("postfix"); }; |
Filters can use regular expressions in match criteria, as well as a number of other criteria. For a complete list of criteria, see Section 7.1.4, Filters. Because filters are so flexible, it is almost impossible to create a usable GUI for them. Therefore, the tab of the System logging component is quite simple.
7.2.2.4.1. Procedure – Set filters
Create one or more filters.
See Section 7.2.2.2, Configuring sources and Section 7.2.2.3, Configuring destinations.
Set up a rule for each filter in the textbox.
MC aids in filter creation by taking care of the necessary curly braces ({}) and semicolons (;).
To create a syntactically correct postfix filter, enter the following in the filter rule textbox:
program("postfix")
For further information on possible filters, see Appendix B, Further readings.
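How a filter like the one above fits into a complete syslog-ng log path, shown as an added example rather than configuration taken from the product or generated by MC. It assumes syslog-ng 3.x syntax; the names s_local, f_postfix_reject, d_postfix and d_postfix_reject and the file paths are hypothetical.

```conf
# Added example fragment (not MC output). Assumes syslog-ng 3.x syntax.

# Source: local syslog socket plus syslog-ng's own internal messages.
source s_local {
    unix-stream("/dev/log");
    internal();
};

# The filter from Example 7.1: every message whose program name matches "postfix".
filter f_postfix { program("postfix"); };

# A narrower filter combining criteria: Postfix messages of warning level
# or higher, or Postfix messages whose text matches a regular expression.
filter f_postfix_reject {
    program("postfix")
    and (level(warning..emerg) or match("reject" value("MESSAGE")));
};

# Destinations: one file for all Postfix traffic, one for the entries
# an operator would want to review first.
destination d_postfix        { file("/var/log/postfix.log"); };
destination d_postfix_reject { file("/var/log/postfix-reject.log"); };

# Log paths tie source, filter and destination together. A message that
# passes both filters is written to both files.
log { source(s_local); filter(f_postfix);        destination(d_postfix); };
log { source(s_local); filter(f_postfix_reject); destination(d_postfix_reject); };
```

In the MC filter rule textbox only the expression inside the braces is entered, since MC adds the surrounding curly braces and semicolons.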
Copyright: © 2021 Balasys IT Security



