Category: LINUX
2008-03-03 22:11:15
The following functions may be used in the filter statement, as described in .
# Note: the functions built into filters are introduced below.
Name | Synopsis | Description |
---|---|---|
facility | facility(facility[,facility]) | Match messages having one of the listed facility codes. An alternate syntax permits the use of arbitrary facility codes. # Note: facility() selects messages that come from specific facilities; separate multiple facilities with commas. |
facility | facility( | An alternate syntax for facility permitting the use of an arbitrary facility code. Facility codes 0-23 are predefined and can be referenced by their usual name. Facility codes above 24 are not defined but can be used by this alternate syntax. # Note: facility() can also take the facility's number, in which case you can use |
level() or priority() | level(pri[,pri1..pri2[,pri3]]) | Match messages based on priority. # Note: level() selects messages of a specific severity. |
program() | program(regexp) | Match messages by using a regular expression against the program name field of log messages. # Note: program() selects messages that come from a specific program. The program name can be given as a regexp. |
host() | host(regexp) | Match messages by using a regular expression against the hostname field of log messages. # Note: host() matches the source of the message and can be a regexp. |
match() | match(regexp) | Tries to match a regular expression to the message itself. # Note: match() matches against the content of the message body. It can be a regexp. |
filter() | filter(filtername) | Call another filter rule and evaluate its value. # Note: filter() is used to call another filter. |
netmask() | netmask(ip/mask) | Check whether the sender's IP address is in the specified IP subnet. # Note: netmask() checks whether the IP of the message source falls within a given range. |
Table 8.13. Filter functions in syslog-ng
The host(), match(), and program() filter functions accept extended regular expressions (also called POSIX modern regular expressions) as parameters. The regular expressions can use up to 255 regexp matches ($1 ... $255). For case-insensitive searches, start the expression with the (?i) string.
# Note: host(), match() and program() can all use extended regexps and are case-sensitive by default. To ignore case, put '(?i)' in front of the regexp.
The level() filter accepts the following levels: emerg, alert, crit, err, warning, notice, info, debug.
# Note: level() accepts emerg, alert, crit, err, warning, notice, info, debug.
The facility() filter accepts both the name and the numerical code of the facility or the importance level. The syslog-ng application recognizes the following facilities: (Note that some of these facilities are available only on specific platforms.)
Numerical Code | Facility name | Facility |
---|---|---|
0 | kern | kernel messages |
1 | user | user-level messages |
2 | | mail system |
3 | daemon | system daemons |
4 | auth | security/authorization messages |
5 | syslog | messages generated internally by syslogd |
6 | lpr | line printer subsystem |
7 | news | network news subsystem |
8 | uucp | UUCP subsystem |
9 | cron | clock daemon |
10 | auth | security/authorization messages |
11 | ftp | FTP daemon |
12 | | NTP subsystem |
13 | | log audit |
14 | | log alert |
15 | cron | clock daemon |
16-23 | local0..local7 | locally used facilities (local0-local7) |
Table 8.14. syslog Message Facilities recognized by the facility() filter
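The filter functions from Table 8.13 combined in one configuration, as an added example that is not part of the original page or of the syslog-ng documentation. The object names (s_net, f_*, d_*), the file paths and the 192.0.2.0/24 subnet are constructed for illustration, and the `and`, `or` and `not` operators are standard syslog-ng filter expression syntax that this page does not itself list.

```conf
# Added example; every name, path and address below is an assumption.
source s_net { udp(ip(0.0.0.0) port(514)); };

destination d_auth_alerts { file("/var/log/remote/auth-alerts.log"); };
destination d_ntp         { file("/var/log/remote/ntp.log"); };
destination d_untrusted   { file("/var/log/remote/untrusted.log"); };

# netmask(): only senders inside the management subnet count as trusted.
filter f_trusted_net { netmask(192.0.2.0/24); };

# facility() with a comma-separated list and level() with a range:
# auth or daemon messages at severity err through emerg.
filter f_auth_severe { facility(auth, daemon) and level(err..emerg); };

# program() and match() take extended regexps; the (?i) prefix makes the
# match() expression case-insensitive.
filter f_ssh_failure { program("^sshd") and match("(?i)failed password"); };

# host() tests the hostname field; (?i) so that "FW01" and "fw01" both match.
filter f_firewalls { host("(?i)^fw") and level(warning..emerg); };

# facility() by numerical code: 12 is the NTP subsystem in Table 8.14,
# which has no facility name in that table.
filter f_ntp { facility(12); };

# filter() calls other filter rules, so the pieces above can be reused.
filter f_auth_alert {
    filter(f_trusted_net)
    and (filter(f_auth_severe) or filter(f_ssh_failure) or filter(f_firewalls));
};
filter f_untrusted { not filter(f_trusted_net); };

log { source(s_net); filter(f_auth_alert); destination(d_auth_alerts); };
log { source(s_net); filter(f_ntp);        destination(d_ntp); };
# Messages from senders outside the expected subnet are kept apart for
# review instead of being mixed into the trusted logs.
log { source(s_net); filter(f_untrusted);  destination(d_untrusted); };
```

Check the file with `syslog-ng --syntax-only -f <file>` before loading it. syslog-ng 3.x and later also expect an `@version` line at the top of the configuration.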