[rsyslog-notify] Forum Thread: Re: filter invalid syslogtag - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Thu Jul 7 20:36:07 CEST 2016
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26719#p26719
Message:
----------
[quote="awinberg":b4xnuecs]I'm trying to filter out and discard messages
with an, for my purposes, invalid syslogtag (I'm using the syslogtag to
construct log directory and file names ), but I cant get it to work. Worth
noting is that this is on a RHEL6 box with version 5.8.10 (redhat version).
So, the syslogtag should look like this:
[code:b4xnuecs]sometext[someothertext][/code:b4xnuecs]
I've tried filtering out messages that does not contain a bracket:
[code:b4xnuecs]if not $syslogtag contains "]" then ~[/code:b4xnuecs]
This results in all my messages being filtered out. I've also tried
escaping the bracket, but then no messages are filtered out. I've also
tried property-based filters but then logging stops altogether, don't know
if my rsyslog version doesn't support them or something
Any pointers or ideas?[/quote:b4xnuecs]
on ancient versions, single vs double quotes matter, try using single
quotes (or better yet, upgrade to a non-ancient version)
also, there are lots of valid messages that do not contain the PID
More information about the rsyslog-notify
mailing list