[rsyslog-notify] Forum Thread: Re: Am i doing something completly wrong or have I found a b - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Tue Feb 18 16:02:33 CET 2014 

User: rasta-p 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24239#p24239

Message: 
----------
Thanks for you reply!

All filters are before i write into the database. These are the first lines
of my rsyslog.conf

#### MODULES ####

$ModLoad imuxsock.so            # provides support for local system logging
(e.g. via logger command)
$ModLoad imklog.so              # provides kernel logging support
(previously done by rklogd)
#$ModLoad immark.so             # provides --MARK-- message capability
$ModLoad ommysql                # MySQL Module -- <!-- e --><a
href="mailto:hcki at tdc.dk">hcki at tdc.dk</a><!-- e -->
$PreserveFQDN on                # keep FQDN and not only hostname

$WorkDirectory /root/rsyslog    # Default location for work (spool) files
$ActionQueueType LinkedList     # Use asynchronous processing
$ActionQueueFileName dbq        # Set file name, also enables disk mode
$ActionResumeRetryCount -1      # Infinite retries on insert failure

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

$AllowedSender UDP, XXX.XXX.XXX.XXX

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#### RULES ####

# addded by <!-- e --><a href="mailto:hcki at tdc.dk">hcki at tdc.dk</a><!-- e
-->.
:msg, contains, "test" ~
:msg, contains, "nagios" ~
:msg, contains, "172.17.13.133" ~
:msg, contains, "172.17.13.71" ~
:msg, contains, "188.181.133.100" ~
*.*     :ommysql:127.0.0.1,Syslog,XXXX,YYYYY
*.*     /var/log/rsyslog/messages

So messages with "nagios" should always be deleted before the write to the
database. If I use these:

$WorkDirectory /root/rsyslog    # Default location for work (spool) files
$ActionQueueType LinkedList     # Use asynchronous processing
$ActionQueueFileName dbq        # Set file name, also enables disk mode
$ActionResumeRetryCount -1      # Infinite retries on insert failure 

I need to have ":msg, contains, "test" ~" before ":msg, contains, "nagios"
~" in order to delete the messages with nagios in it.

But maybe I misunderstood you?

Best regards
Holger C. Kirketerp

More information about the rsyslog-notify mailing list