The following functions may be used in the filter statement, as described in Section 3.6, “Filters”.
| Name | Synopsis | Description |
|---|---|---|
| facility() | facility(facility[,facility]) | Match messages having one of the listed facility codes. Facility codes 0-23 are predefined and can be referenced by their usual names (see Table 9.14). |
| facility() | facility(<numeric facility code>) | An alternate syntax for facility() permitting the use of an arbitrary numeric facility code. Facility codes 24 and above have no predefined name and can only be referenced with this numeric syntax. |
| filter() | filter(filtername) | Call another filter rule and evaluate its value. |
| host() | host(regexp) | Match messages by using a regular expression against the hostname field of log messages. |
| level() or priority() | level(pri[,pri1..pri2[,pri3]]) | Match messages based on priority (level). Single levels and ranges such as crit..emerg can be listed. |
| match() | match(regexp) | Match a regular expression against the message text itself. |
| netmask() | netmask(ip/mask) | Check whether the sender's IP address is in the specified IP subnet. |
| program() | program(regexp) | Match messages by using a regular expression against the program name field of log messages. |
Table 9.13. Filter functions in syslog-ng
The host(), match(), and program() filter functions accept extended regular expressions (also called POSIX modern regular expressions) as parameters. The regular expressions can use up to 255 regexp matches ($1 ... $255), but only from the last filter. For case-insensitive searches, start the expression with the (?i) string.
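The following configuration fragment is an added example, not code from the syslog-ng Administrator Guide. It combines the regex-based filters described above with filter() and netmask() into a complete log path that isolates SSH authentication failures from remote hosts. The UDP source, the destination file paths and the 192.0.2.0/24 subnet are illustrative assumptions.

```conf
# Added example (not from the syslog-ng Administrator Guide).
# Port, file paths and the 192.0.2.0/24 subnet are assumptions.
source s_net {
    udp(ip("0.0.0.0") port(514));
};

# program() matches the program-name field; anchoring the expression
# keeps "sshd" from also matching names such as "sshd-keygen".
filter f_sshd { program("^sshd$"); };

# match() runs against the message text; the (?i) prefix makes the
# whole expression case-insensitive.
filter f_auth_fail {
    match("(?i)(failed password|invalid user|authentication failure)");
};

# host() matches the hostname field of the message; netmask() checks
# the IP address the message actually arrived from.
filter f_dmz_hosts { host("^dmz-") or netmask("192.0.2.0/24"); };

# filter() reuses the rules above; and/or/not combine them.
filter f_ssh_attacks {
    filter(f_sshd) and filter(f_auth_fail) and filter(f_dmz_hosts);
};

destination d_ssh_attacks { file("/var/log/security/ssh-attacks.log"); };
destination d_catchall    { file("/var/log/remote.log"); };

# flags(final) stops matching messages from also reaching the catch-all.
log { source(s_net); filter(f_ssh_attacks); destination(d_ssh_attacks); flags(final); };
log { source(s_net); destination(d_catchall); };
```

Note the difference between the two host checks: host() trusts the hostname field written by the sender, which a remote sender can set to anything, while netmask() uses the address the datagram was received from. When the filter is meant to be a security boundary, prefer netmask() or combine the two as above.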
The level() filter accepts the following levels: emerg, alert, crit, err, warning, notice, info, debug.
The facility() filter accepts both the name and the numerical code of the facility. The syslog-ng application recognizes the following facilities. (Note that some of these facilities are available only on specific platforms.)
| Numerical Code | Facility name | Facility |
|---|---|---|
| 0 | kern | kernel messages |
| 1 | user | user-level messages |
| 2 | mail | mail system |
| 3 | daemon | system daemons |
| 4 | auth | security/authorization messages |
| 5 | syslog | messages generated internally by syslogd |
| 6 | lpr | line printer subsystem |
| 7 | news | network news subsystem |
| 8 | uucp | UUCP subsystem |
| 9 | cron | clock daemon |
| 10 | authpriv | security/authorization messages |
| 11 | ftp | FTP daemon |
| 12 | ntp | NTP subsystem |
| 13 | security | log audit |
| 14 | console | log alert |
| 15 | solaris-cron | clock daemon |
| 16-23 | local0..local7 | locally used facilities (local0-local7) |
Table 9.14. syslog Message Facilities recognized by the facility() filter
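As an added example (not code from the syslog-ng Administrator Guide), the fragment below uses the facility names and codes from Table 9.14 together with level() to route security-relevant local messages. The source and destination file paths are assumptions; the facility numbers are those of the table.

```conf
# Added example (not from the syslog-ng Administrator Guide).
# Socket and file paths are assumptions.
source s_local {
    unix-stream("/dev/log");
    internal();
};

# auth (4) and authpriv (10) both carry security/authorization messages;
# on Linux, PAM, sshd and su normally log to authpriv, so match both.
filter f_security { facility(auth, authpriv); };

# The same selection with the numeric codes from Table 9.14.
filter f_security_numeric { facility(4) or facility(10); };

# A level range: crit..emerg selects crit, alert and emerg.
filter f_critical { level(crit..emerg); };

# Keep kernel messages (facility 0) out of the general log.
filter f_not_kern { not facility(kern); };

destination d_security { file("/var/log/secure"); };
destination d_critical { file("/var/log/critical.log"); };
destination d_messages { file("/var/log/messages"); };

log { source(s_local); filter(f_security); destination(d_security); };
log { source(s_local); filter(f_critical); destination(d_critical); };
log { source(s_local); filter(f_not_kern); destination(d_messages); };
```

A message matches every log statement whose filter it passes, so a critical authpriv message above is written to both /var/log/secure and /var/log/critical.log; add flags(final) to a log statement if a message should stop there.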
© 2007-2008 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com