[rsyslog-notify] Forum Thread: filter invalid syslogtag - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Thu Jul 7 13:10:38 CEST 2016
User: awinberg
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26710#p26710
Message:
----------
I'm trying to filter out and discard messages with an, for my purposes,
invalid syslogtag (I'm using the syslogtag to construct log directory and
file names ), but I cant get it to work. Worth noting is that this is on a
RHEL6 box with version 5.8.10 (redhat version).
So, the syslogtag should look like this:
[code:w1ax4ge5]sometext[someothertext][/code:w1ax4ge5]
I've tried filtering out messages that does not contain a bracket:
[code:w1ax4ge5]if not $syslogtag contains "]" then ~[/code:w1ax4ge5]
This results in all my messages being filtered out. I've also tried
escaping the bracket, but then no messages are filtered out. I've also
tried property-based filters but then logging stops altogether, don't know
if my rsyslog version doesn't support them or something
Any pointers or ideas?
More information about the rsyslog-notify
mailing list