Forum Discussion
neeeewbie
MVP
MVPHow to configrue syslog include "space"
Hi guys I need your help !!! I have to configure syslog filter but space area does not enter the configuration ex) and not match (aaa) >>> it is possible and ...
Updated...OK: apparently somewhere in the last 10 years since I looked at syslog-ng filters last, the "match" was deprecated for "message". So here's how I tested, and the results:
sys syslog { include " filter f_local0 { facility(local0) and not message(\"abc abc\"); }; filter f_local0_custom { facility(local0) and message(\"abc abc\"); }; destination d_customlog { file(\"/var/log/customlog\" create_dirs(yes)); }; log { source(local); filter(f_local0_custom); destination(d_customlog); }; " }Then I slapped this iRule on a test virtual and hit it from my desktop:
when HTTP_REQUEST { log local0. "abc abc" log local0. "abc123 abc123" HTTP::respond 200 content "<html><body>sylog test initiating...</body></html>" }And here are my logs:
[root@ltm3:Active:Standalone] config # grep abc /var/log/ltm Nov 19 09:22:36 ltm3.test.local info tmm1[12240]: Rule /Common/syslog_match_test <HTTP_REQUEST>: abc123 abc123 Nov 19 09:22:36 ltm3.test.local info tmm1[12240]: Rule /Common/syslog_match_test <HTTP_REQUEST>: abc123 abc123 [root@ltm3:Active:Standalone] config # grep abc /var/log/customlog Nov 19 09:22:36 tmm1 tmm1[12240]: Rule /Common/syslog_match_test <HTTP_REQUEST>: abc abc Nov 19 09:22:36 tmm1 tmm1[12240]: Rule /Common/syslog_match_test <HTTP_REQUEST>: abc abc
