[rsyslog-notify] Forum Thread: Re: Prevent rsyslog server from indexing its own logs - (Mode 'edit_last_post')

[noreply at adiscon.com]

User: wegdave 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26187#p26187

Message: 
----------
Yup, tested it now, but it doesn't want to work :|


[code:2woshzcy]root at brjgs058 rsyslog]# ll
total 36
drwxrwxr-x 2 root root 4096 Nov 24 08:51 10.1.80.230
drwxrwxr-x 2 root root 4096 Nov 24 08:54 10.1.80.231
drwxrwxr-x 2 root root 4096 Nov 24 08:55 10.1.80.232
drwxrwxr-x 2 root root 4096 Nov 24 08:56 10.1.80.233
drwxrwxr-x 2 root root 4096 Nov 24 08:57 10.1.80.234
drwxrwxr-x 2 root root 4096 Nov 24 09:22 10.1.80.236
drwxrwxr-x 2 root root 4096 Nov 24 09:23 10.1.80.237
drwxrwxr-x 2 root root 4096 Nov 24 09:10 10.1.89.1
drwxrwxr-x 2 root root 4096 Nov 19 15:12 10.2.118.163

[root at brjgs058 rsyslog]# cat /etc/rsyslog.conf | grep if
if ($hostname == 'BRJGS058') then ~

[root at brjgs058 rsyslog]# service rsyslog restart
Shutting down system logger:                               [  OK 
]
Starting system logger:                                    [  OK 
]

[root at brjgs058 rsyslog]# ll
total 40
drwxrwxr-x 2 root root 4096 Nov 24 08:51 10.1.80.230
drwxrwxr-x 2 root root 4096 Nov 24 08:54 10.1.80.231
drwxrwxr-x 2 root root 4096 Nov 24 08:55 10.1.80.232
drwxrwxr-x 2 root root 4096 Nov 24 08:56 10.1.80.233
drwxrwxr-x 2 root root 4096 Nov 24 08:57 10.1.80.234
drwxrwxr-x 2 root root 4096 Nov 24 09:22 10.1.80.236
drwxrwxr-x 2 root root 4096 Nov 24 09:23 10.1.80.237
drwxrwxr-x 2 root root 4096 Nov 24 09:10 10.1.89.1
drwxrwxr-x 2 root root 4096 Nov 19 15:12 10.2.118.163
drwx------ 2 root root 4096 Nov 24 09:50 brjgs058

[root at brjgs058 rsyslog]# cat brjgs058/syslog.log
Nov 24 09:50:00 brjgs058 rsyslogd: [origin
software="rsyslogd" swVersion="5.8.10" x-pid="2039"
x-info="http://www.rsyslog.com"] start
Nov 24 09:50:01 brjgs058 CROND[2050]: (root) CMD
(/var/opt/OV/bin/instrumentation/weg.verifica.agentes.sh)
Nov 24 09:50:01 brjgs058 CROND[2051]: (root) CMD
(/usr/lib/sa/sa1 1 1)
Nov 24 09:50:01 brjgs058 CROND[2052]: (root) CMD
(/usr/bin/mrtg /etc/mrtg/mrtg.cfg logging /var/log/mrtg.log)
Nov 24 09:50:01 brjgs058 CROND[2053]: (root) CMD
(LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file
/var/lock/mrtg/mrtg_l --confcache-file /var/lib/mrtg/mrtg.ok)
Nov 24 09:50:01 brjgs058 CROND[2054]: (root) CMD (env
LANG=C /usr/bin/mrtg /mrtg/cfgs/mrtg.cfg >> /var/log/mrtg.log 2>&1)
Nov 24 09:50:01 brjgs058 postfix/pickup[6481]:
A502B7A042: uid=0 from=<root>
Nov 24 09:50:01 brjgs058 postfix/cleanup[2024]:
A502B7A042:
message-id=<20151124115001.A502B7A042 at brjgs058.localdomain>
Nov 24 09:50:01 brjgs058 postfix/qmgr[1831]:
A502B7A042: from=<root at brjgs058.localdomain>, size=699, nrcpt=1
(queue active)
Nov 24 09:50:01 brjgs058 postfix/local[29382]:
A502B7A042: to=<root at brjgs058.localdomain>, orig_to=<root>,
relay=local, delay=0.03, delays=0.02/0/0/0.01,
dsn=5.2.2, status=bounced (cannot update mailbox /var/mail/root for
user root. error writing message: File too large)
Nov 24 09:50:01 brjgs058 postfix/cleanup[29214]:
A84987A045:
message-id=<20151124115001.A84987A045 at brjgs058.localdomain>
Nov 24 09:50:01 brjgs058 postfix/qmgr[1831]:
A84987A045: from=<>, size=2618, nrcpt=1 (queue active)
Nov 24 09:50:01 brjgs058 postfix/bounce[29384]:
A502B7A042: sender non-delivery notification: A84987A045
Nov 24 09:50:01 brjgs058 postfix/qmgr[1831]:
A502B7A042: removed
Nov 24 09:50:01 brjgs058 postfix/local[2025]:
A84987A045: to=<root at brjgs058.localdomain>, relay=local,
delay=0.02, delays=0.01/0/0/0.01, dsn=5.2.2,
status=bounced (cannot update mailbox /var/mail/root for user root.
error writing message: File too large)
Nov 24 09:50:01 brjgs058 postfix/qmgr[1831]:
A84987A045: removed
You have mail in /var/spool/mail/root
[root at brjgs058 rsyslog]#[/code:2woshzcy]

Maybe updating the version of rsyslog would be a good idea?