Table 5.4: Filters Parameters (Syslog-Ng Configuration) - Avocent Cyclades ACS Command Reference Manual

source s_kernel { file('/proc/kmsg'); };
• Receive messages from local syslogd clients.
source sysl {unix-stream('/dev/log');};
• Receive messages from remote syslogd clients.
source s_udp { udp(ip(<cliente ip>) port(<udp port>)); };
• Listen to messages from all machines on UDP port 514.
source s_udp { udp(ip(0.0.0.0) port(514));};
• Listen to messages from a client at IP address=10.0.0.1 on UDP port 999.
source s_udp_10 { udp(ip(10.0.0.1) port(999)); };
3. Define Filters
filter <identifier> { expression; };
where,
• identifier - Uniquely identifies a given filter.
• expression - Builds a boolean expression using internal functions.

Table 5.4: Filters Parameters (Syslog-ng Configuration)

Option
facility
(<facility code>)
level(<level code>) or priority
(<level code>)
program(<string>)
host(<string>)
match(<string>)
The following are examples of how to define filters.
• To filter by facility.
filter f_facilty { facility(<facility name>); };
Examples:
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_debug { not facility(auth, authpriv, news, mail); };
Description
Selects messages based on their facility code.
Selects messages based on their priority.
Tries to match the <string> to the program name field of the log message.
Tries to match the <string> to the hostname field of the log message.
Tries to match the <string> to the message itself.
Chapter 5: Administration 81