My Netgear FW is spamming my syslog-ng logfile with these rows:
Dec 16 15:18:46 192.168.0.1 kernel: [2007 Dec 16 15:18:47] FVS338 LOG_PACKET
Dec 16 15:18:46 192.168.0.1 kernel: [2007 Dec 16 15:18:47] FVS338 LOG_PACKET



I've activated "Log all unicast traffic" in my Netgear FW and that's what sending all those log entrys. I don't want do deactivate the function so
Is there anyway I can supress these entrys in syslog-ng when they are sen't to my log file? At the moment the logfile is growing large quickly.

Hi,

you will need to create a filter that uses a "not match" criteria that will filter that specific error message, and apply that filter to the destination log file.

cb

Thx for the reply,

This seemed to solve it:
filter logpacket { not match("LOG_PACKET"); };


destination df_fw { file("/var/log/fw.log"); };

log {
source(network);
destination(df_fw);
filter(logpacket);
};