syslog-ng Command and Configuration

source xxxxx{
};

filter xxxxx {
};

destination xxxxx {
};

log { source(xxxxx); filter(xxxxx); destination(xxxxx); };

filter f_demo_regexp {
    program("demo_program") and
    match("time error .* is too large .* set clock manually");
};

filter f_demo_optimized_regexp {
    program("demo_program") and
    match("time error") and
    match("is too large") and
    match("set clock manually");
};

filter     f_mesg {
    level(emerg..info)
    and not match('aaaaa')
    and not match('bbbbb')
    and not(match('192.168.0.10') and match('aaa bbb ccc'))
    and not match('test');
};

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.18/administration-guide/64

• Strings between single quotes ('string') are treated literally
• If you use single quotes, you do not need to escape the backslash.

# Remote logging
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

destination d_separatedbyhosts {
    file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };