[rsyslog-notify] Forum Thread: Re: Filtering on Multiple Network Device Types Does Not Work - (Mode 'reply')
noreply at adiscon.com
Thu Dec 31 08:19:56 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26261#p26261
Message:
----------
I would not expect this to work. Rsyslog doesn't care about whitespace, so
this should be the equivalent of:
if $msg contains "ASA-" then
/var/log/splunk/cisco-firewall.log;rsyslog-fm
stop
if $programname contains "SFIMS" then
/var/log/splunk/cisco-sourcefire.log;rsyslog-fmt
stop
if $msg contains "CEF" then
/var/log/splunk/checkpoint-firewall.log;rsyslog-fmt
stop
You should need to enclose the two statements in {} to have the filter apply to both of them.
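
The braced form described above, as an added example that is not part of the original post. It assumes the output template is named rsyslog-fmt for all three rules, as in the second and third rules quoted in the message, and that the template is defined elsewhere in the configuration. In the unbraced form the first `stop` is unconditional, so no message reaches the later filters and the Sourcefire and Check Point logs stay empty.

```conf
# Added example, not from the original post.
# Assumes the template "rsyslog-fmt" is defined elsewhere in the config.

# Braces bind both the file action and the stop to the filter, so only
# messages matching the filter are written and then stopped.
if $msg contains "ASA-" then {
    /var/log/splunk/cisco-firewall.log;rsyslog-fmt
    stop
}

if $programname contains "SFIMS" then {
    /var/log/splunk/cisco-sourcefire.log;rsyslog-fmt
    stop
}

if $msg contains "CEF" then {
    /var/log/splunk/checkpoint-firewall.log;rsyslog-fmt
    stop
}

# Messages matching none of the filters fall through to any rules below.
```

Running `rsyslogd -N1` checks the configuration syntax before the daemon is restarted.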