* Marco Ahrendt wrote on Fri, Mar 02, 2001 at 14:10 +0100:
This is a FAQ, in short: (standard) syslogd cannot sort messages by strings/expressions, only by priority and facility. firewall is facility kernel IIRC, and so syslogd cannot distinguish between kernel and firewall entries (with same priority, maybe warn or whatever).
I see. Well, I think I'll use an exotic loglevel which I can parse to another file. This should be ok for now.
I've forgotten to talk about the alternative: filtering after syslog. There are tools that can filter syslogs by patterns and do some actions, i.e. sending mail. Firewall logs with a string like:

  Feb 22 17:22:01 dx kernel: Packet log: input DENY

As regex (perl syntax - untested):

  ^\w{3} \d\d \d\d:\d\d:\d\d [\w-]+ kernel: Packet log: \w+ (DENY|REJECT)

This should match all those entries. I use http://sws.dett.de/logmail/ for filtering that (so I get one mail per hour, max, and so I know what's going on). BTW, usually I don't want to get those entries.

Syslogd can log through a named pipe directly; a script could read out the pipe and do Something Special (TM).

oki,

Steffen

-- 
This letter was generated by machine and therefore bears neither signature nor seal.
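The post-syslog filtering described in the mail above, sketched as an added example that is not part of the original message and not the logmail tool's code: it reads syslog lines (from a file or a named pipe that syslogd writes to), keeps only the firewall DENY/REJECT entries, and groups them into one digest per clock hour. The function names and the sample lines are constructed for illustration, and the day field of the pattern is widened to accept the space-padded single-digit days syslog writes.

```python
import re
import sys
from collections import Counter

# Pattern from the mail, with the day field widened: syslog pads
# single-digit days with a space ("Mar  2"), which \d\d would miss.
FW_RE = re.compile(
    r"^\w{3} [ \d]\d (\d\d):\d\d:\d\d [\w-]+ kernel: "
    r"Packet log: (\w+) (DENY|REJECT)\b"
)

def hourly_digests(lines):
    """Yield (hour_key, Counter) once per clock hour of firewall entries."""
    current, counts = None, Counter()
    for line in lines:
        m = FW_RE.match(line)
        if not m:
            continue  # ordinary kernel message, not a firewall entry
        hour, chain, action = m.groups()
        key = f"{line[:6]} {hour}"  # e.g. "Feb 22 17"
        if current is not None and key != current:
            yield current, counts  # hour rolled over: emit one digest
            counts = Counter()
        current = key
        counts[(chain, action)] += 1
    if counts:
        yield current, counts

def format_digest(hour, counts):
    """Render one digest as the body of a single notification mail."""
    rows = [f"{n:5d}  {chain} {action}"
            for (chain, action), n in sorted(counts.items())]
    return f"Firewall log digest for {hour}:00\n" + "\n".join(rows)

# Constructed sample lines in the format quoted in the mail.
SAMPLE = [
    "Feb 22 17:22:01 dx kernel: Packet log: input DENY",
    "Feb 22 17:40:13 dx kernel: Packet log: input DENY",
    "Feb 22 17:41:00 dx kernel: eth0: link up",
    "Feb 22 18:03:44 dx kernel: Packet log: forward REJECT",
    "Mar  2 14:10:09 dx kernel: Packet log: input DENY",
]

if __name__ == "__main__":
    # With an argument, read that file or FIFO; otherwise use the sample.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for hour, counts in hourly_digests(src):
        print(format_digest(hour, counts), end="\n\n")
```

When the source is a named pipe, the open call blocks until syslogd opens the pipe for writing, and a digest is emitted only when the first entry of the next hour arrives.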