[rsyslog-notify] Forum Thread: filters not working - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Thu Apr 17 01:10:42 CEST 2014 

User: nottoosmart 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24546#p24546

Message: 
----------
I'm trying to filter syslog messages on multiple points, hostname and
programname.  I've tried different combinations of syntax to make this work
but it keeps failing.  Can someone please help me figure out why I cannot
get this to work.  This is rsyslogd 5.8.10

Here is the snippet from rsyslog.conf:

if $programname contains_i 'dhcpd' and ($hostname startswith 'bc0a80c' or
$hostname startswith 'bac1957') then {
   action(type='omfile' file='/var/log/rsyslog/adonis_dhcpd.log'
}
if $programname contains_i 'named' and ($hostname startswith 'bc0a80c' or
$hostname startswith 'bac1957') then {
   action(type='omfile' file='/var/log/rsyslog/adonis_dns.log'
}
if $programname contains_i 'sshd' and ($hostname startswith 'bc0a80c' or
$hostname startswith 'bac1957') then {
   action(type='omfile' file='/var/log/rsyslog/adonis_sshd.log'
}
if $hostname startswith 'bc0a80c' or $hostname startswith 'bac1957' then {
   action(type='omfile' file='/var/log/rsyslog/adonis.log')
}

Here are the errors I'm getting (I've stripped the <!-- m --><a
class="postlink" href="http://www">http://www</a><!-- m -->. from the error
messages so I could paste here): 

rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="31354"
x-info=".rsyslog.com"] exiting on signal 15.
kernel: imklog 5.8.10, log source = /proc/kmsg started.
rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="568"
x-info=".rsyslog.com"] start
rsyslogd: the last error occured in /etc/rsyslog.conf, line 140:"if
$programname contains_i 'dhcpd' and ($hostname startswith 'bc0a80c' or
$hostname startswith 'bac1957') then {"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "log'" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 141:"  
action(type='omfile' file='/var/log/rsyslog/adonis_dhcpd.log'"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 142:"}"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd: the last error occured in /etc/rsyslog.conf, line 143:"if
$programname contains_i 'named' and ($hostname startswith 'bc0a80c' or
$hostname startswith 'bac1957') then {"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "log'" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 144:"  
action(type='omfile' file='/var/log/rsyslog/adonis_dns.log'"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 145:"}"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd: the last error occured in /etc/rsyslog.conf, line 146:"if
$programname contains_i 'sshd' and ($hostname startswith 'bc0a80c' or
$hostname startswith 'bac1957') then {"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "log'" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 147:"  
action(type='omfile' file='/var/log/rsyslog/adonis_sshd.log'"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 148:"}"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd: the last error occured in /etc/rsyslog.conf, line 149:"if
$hostname startswith 'bc0a80c' or $hostname startswith 'bac1957' then {"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "log')" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 150:"  
action(type='omfile' file='/var/log/rsyslog/adonis.log')"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown priority name "" [try .rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 151:"}"
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-2124: CONFIG ERROR: could not interpret master config file
'/etc/rsyslog.conf'. [try .rsyslog.com/e/2124 ]


Thank you for any help.

More information about the rsyslog-notify mailing list