Logging syslog ng匹配规则匹配,但不应匹配
我对syslog ng匹配规则有问题。 我有3个带有匹配规则的过滤器来指定标记 我的确认:Logging syslog ng匹配规则匹配,但不应匹配,logging,match,messages,syslog,syslog-ng,Logging,Match,Messages,Syslog,Syslog Ng,我对syslog ng匹配规则有问题。 我有3个带有匹配规则的过滤器来指定标记 我的确认: source s_all { syslog( ip(0.0.0.0) transport("udp") ); }; filter flt_apache_access { match('[apache2]') and level(info); }; filter flt_apache_error { match('[ap
source s_all {
syslog(
ip(0.0.0.0)
transport("udp")
);
};
filter flt_apache_access {
match('[apache2]') and
level(info);
};
filter flt_apache_error {
match('[apache2]') and
level(err);
};
filter flt_history {
match('[history]');
};
destination dst_apache_access {
file("/data/syslog/${.metadata.client}/${HOST}/apache_access-${YEAR}-${MONTH}-${DAY}.log");
};
destination dst_apache_error {
file("/data/syslog/${HOST}/apache_error-${YEAR}-${MONTH}-${DAY}.log");
};
destination dst_history {
file("/data/syslog/${HOST}/history-${YEAR}-${MONTH}-${DAY}.log");
};
log {
source(s_all);
filter(flt_apache_error);
destination(dst_apache_error);
};
log {
source(s_all);
filter(flt_apache_access);
destination(dst_apache_access);
};
log {
source(s_all);
filter(flt_history);
destination(dst_history);
};
logger -n 127.0.0.1 -d -p local6.info [history] TEST MATCHING histo
match('[history]');
message('[history]');
match('[history]' value("MESSAGE"));
match('[history]' value("PROGRAM"));
program('[history]');
root@Syslog-center:/data/syslog/127.0.0.1# cat apache_access-2018-06-27.log
Jun 27 11:46:09 127.0.0.1 opalanque: [history] TEST MATCHING histo
root@Syslog-center:/data/syslog/127.0.0.1# cat history-2018-06-27.log
Jun 27 11:46:09 127.0.0.1 opalanque: [history] TEST MATCHING histo
2018-06-27T11:49:52.823930] Incoming log entry; line='<182>1 2018-06-27T11:49:52.823717+02:00 Syslog-center opalanque - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="110500"] [history] TEST MATCHING histo'
[2018-06-27T11:49:52.823977] Setting value; msg='0x7f8c9c0044e0', name='HOST_FROM', value='127.0.0.1'
[2018-06-27T11:49:52.823983] Setting value; msg='0x7f8c9c0044e0', name='HOST', value='127.0.0.1'
[2018-06-27T11:49:52.823988] Setting value; msg='0x7f8c9c0044e0', name='SOURCE', value='s_all'
[2018-06-27T11:49:52.823994] Filter rule evaluation begins; msg='0x7f8c9c0044e0', rule='flt_apache_error', location='/etc/syslog-ng/conf.d/central.conf:36:26'
[2018-06-27T11:49:52.824004] Filter regexp node evaluation result; msg='0x7f8c9c0044e0', input='opalanque: [history] TEST MATCHING histo', result='match'
[2018-06-27T11:49:52.824008] Filter node evaluation result; msg='0x7f8c9c0044e0', result='match', type='regexp'
[2018-06-27T11:49:52.824011] Filter node evaluation result; msg='0x7f8c9c0044e0', result='not-match', type='level'
[2018-06-27T11:49:52.824014] Filter node evaluation result; msg='0x7f8c9c0044e0', result='not-match', type='AND'
[2018-06-27T11:49:52.824019] Filter rule evaluation result; msg='0x7f8c9c0044e0', result='not-match', rule='flt_apache_error', location='/etc/syslog-ng/conf.d/central.conf:36:26'
[2018-06-27T11:49:52.824023] Filter rule evaluation begins; msg='0x7f8c9c0044e0', rule='flt_apache_access', location='/etc/syslog-ng/conf.d/central.conf:31:27'
[2018-06-27T11:49:52.824028] Filter regexp node evaluation result; msg='0x7f8c9c0044e0', input='opalanque: [history] TEST MATCHING histo', result='match'
[2018-06-27T11:49:52.824031] Filter node evaluation result; msg='0x7f8c9c0044e0', result='match', type='regexp'
[2018-06-27T11:49:52.824035] Filter node evaluation result; msg='0x7f8c9c0044e0', result='match', type='level'
[2018-06-27T11:49:52.824038] Filter node evaluation result; msg='0x7f8c9c0044e0', result='match', type='AND'
[2018-06-27T11:49:52.824041] Filter rule evaluation result; msg='0x7f8c9c0044e0', result='match', rule='flt_apache_access', location='/etc/syslog-ng/conf.d/central.conf:31:27'
[2018-06-27T11:49:52.824052] Setting value; msg='0x7f8c9c005600', name='.metadata.client', value='mutu'
[2018-06-27T11:49:52.824057] Message parsing complete; result='1', rule='p_client', location='/etc/syslog-ng/conf.d/central.conf:12:2'
[2018-06-27T11:49:52.824088] Initializing destination file writer; template='/data/syslog/${.metadata.client}/${HOST}/apache_access-${YEAR}-${MONTH}-${DAY}.log', filename='/data/syslog/mutu/127.0.0.1/apache_access-2018-06-27.log'
[2018-06-27T11:49:52.824149] Filter rule evaluation begins; msg='0x7f8c9c0044e0', rule='flt_history', location='/etc/syslog-ng/conf.d/central.conf:41:21'
[2018-06-27T11:49:52.824155] Filter regexp node evaluation result; msg='0x7f8c9c0044e0', input='opalanque: [history] TEST MATCHING histo', result='match'
[2018-06-27T11:49:52.824159] Filter node evaluation result; msg='0x7f8c9c0044e0', result='match', type='regexp'
[2018-06-27T11:49:52.824163] Filter rule evaluation result; msg='0x7f8c9c0044e0', result='match', rule='flt_history', location='/etc/syslog-ng/conf.d/central.conf:41:21'
[2018-06-27T11:49:52.824168] Setting value; msg='0x7f8c9c0056d0', name='.metadata.client', value='mutu'
[2018-06-27T11:49:52.824172] Message parsing complete; result='1', rule='p_client', location='/etc/syslog-ng/conf.d/central.conf:12:2'
[2018-06-27T11:49:52.824189] Initializing destination file writer; template='/data/syslog/${.metadata.client}/${HOST}/history-${YEAR}-${MONTH}-${DAY}.log', filename='/data/syslog/mutu/127.0.0.1/history-2018-06-27.log'
logger -n 127.0.0.1 -d -p local6.info [history] TEST MATCHING histo
match('[history]');
message('[history]');
match('[history]' value("MESSAGE"));
match('[history]' value("PROGRAM"));
program('[history]');
filter flt_apache_access {
match('apache2') and
level(info);
};
filter flt_apache_error {
match('apache2') and
level(err);
};
filter flt_history {
match('history');
};