manawenuz/btest-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

Fix syslog-ng filter: match on MESSAGE not program()
All checks were successful
CI / test (push) Successful in 1m29s
Details

Browse Source 
With flags(no-parse) on the source, syslog-ng doesn't extract
the program name. Use match("btest-rs:" value("MESSAGE")) instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
2026-04-01 08:56:48 +04:00
parent a925a7778d
commit 7bc54a977c
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
deploy/syslog-ng-btest.conf
View File

@@ -3,22 +3,25 @@
# #
# Copy to: /var/data/syslogng/config/conf.d/btest.conf # Copy to: /var/data/syslogng/config/conf.d/btest.conf
# Or append to your main syslog-ng.conf # Or append to your main syslog-ng.conf
#
# Note: uses message-based matching (not program()) because
# MikroTik sources use flags(no-parse) which skips program extraction.
# Filter for btest-rs messages # Filter for btest-rs messages
filter f_btest { filter f_btest {
program("btest-rs"); match("btest-rs:" value("MESSAGE"));
}; };
# Filter subcategories # Filter subcategories
filter f_btest_auth { filter f_btest_auth {
program("btest-rs") and ( match("btest-rs:" value("MESSAGE")) and (
match("AUTH_SUCCESS" value("MESSAGE")) or match("AUTH_SUCCESS" value("MESSAGE")) or
match("AUTH_FAILURE" value("MESSAGE")) match("AUTH_FAILURE" value("MESSAGE"))
); );
}; };
filter f_btest_test { filter f_btest_test {
program("btest-rs") and ( match("btest-rs:" value("MESSAGE")) and (
match("TEST_START" value("MESSAGE")) or match("TEST_START" value("MESSAGE")) or
match("TEST_END" value("MESSAGE")) or match("TEST_END" value("MESSAGE")) or
match("TEST_RESULT" value("MESSAGE")) match("TEST_RESULT" value("MESSAGE"))