Description: Select messages of a source statement. This filter can be used in embedded log statements if the parent statement contains multiple source groups — only messages originating from the selected source group are sent to the destination of the embedded log statement.
Description: Select messages labeled with the specified tag. Every message automatically has the tag of its source in .source.<id_of_the_source_statement> format. This option is available only in syslog-ng 3.1 and later.
Example: Adding tags and filtering messages with tags
source s_tcp {
network(ip(192.168.1.1) port(1514) tags("tcp", "router"));
};
Use the tags() option of the filters to select only specific messages:
filter f_tcp {
tags(".source.s_tcp");
};
filter f_router {
tags("router");
};
NOTE: The syslog-ng PE application automatically adds the class of the message as a tag using the .classifier.<message-class> format. For example, messages classified as "system" receive the .classifier.system tag. Use the tags() filter function to select messages of a specific class.
filter f_tag_filter {tags(".classifier.system");};
To skip the processing of a message without sending it to a destination, create a log statement with the appropriate filters, but do not include any destination in the statement, and use the final flag.
Example: Skipping messages
The following log statement drops all debug level messages without any further processing.
filter demo_debugfilter { level(debug); };
log { source(s_all); filter(demo_debugfilter); flags(final); };
Global options of syslog-ng PE