Talk:Syslog-ng

Hi, a part of the config example in the quick start section is wrong. Namely: syslog-ng.conf

The first parameter of match should be the pattern you are looking for, and the value parameter decides which field of the message you want to check. The value field accepts syslog-ng macros (e.g., MESSAGE). For example, if you want to find the string 'foo' in messages, use match("foo" value("MESSAGE"));

To filter for applications (like Shorewall) it is probably easier to use program("Shorewall") instead of match.

Regards,

Robert frobert@balabit.com

I wanted to filter out a particular message that repeated often, and I found that the following works well. syslog-ng.conf --Lyallp 04:03, 26 September 2011 (GMT)

pipe as a means of reading /proc/kmsg

Hi,

I'm the author of syslog-ng and I was surprised to read that using pipe to read /proc/kmsg gives better performance. I don't really see why that would be the case. Using pipe is only preferred to be used on real named pipes, and /proc/kmsg is not one and should rather be read by file.

The latest versions of syslog-ng even include a warning about this case.