Aftab_1138
Mar 23, 2009Nimbostratus
syslog-ng filter not working
Using the guideline in this article:
http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&forumid=5&postid=8888
I created the following syslog-ng.conf section for logging from my iRule (named create_w3c_traffic_log) into a separate log file:
...
local0.info send w3c log entries to a separate file
filter f_local0_w3c_log {
facility(local0) and level(info) and match("create_w3c_traffic_log");
};
destination can be a hostname or IP address
destination d_logging {
file("/var/log/w3cLog" create_dirs(yes));
};
log {
source(local);
filter(f_local0_w3c_log);
destination(d_logging);
};
...
This logs properly to w3log file but the main log file "ltm" is also recording the same message. I have added the filter to the main log file to skip these messages, as:
...
local0.*/var/log/ltm
filter f_local0 {
facility(local0) and level(info..emerg) and not match("create_w3c_traffic_log");
};
filter f_no_audit {
not match("AUDIT");
};
destination d_ltm {
file("/var/log/ltm" create_dirs(yes));
};
log {
source(s_syslog_pipe);
filter(f_local0);
filter(f_no_audit);
destination(d_ltm);
};
...
What is wrong here?
I have BIG-IP 10.0.0 Build 5460.0 Hotfix HF1 software.