[rsyslog-notify] Forum Thread: Re: filter invalid syslogtag - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Fri Jul 8 07:45:58 CEST 2016
User: awinberg
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26729#p26729
Message:
----------
[quote:1jd0jpol]what is the filter that you tried on the central server,
and can you provide a sample (from the DebugFormat) of a log that is not
being filtered the way you expect it to?[/quote:1jd0jpol]
I've provided both in previous posts.
[quote:1jd0jpol]
In that case you are running an ancient version of rsyslog there, try doing
*.* /var/log/properties.log;RSYSLOG_DebugFormat[/quote:1jd0jpol]
As I said, I got it to work already (by using that syntax), but thanks
anyway.
[quote:1jd0jpol]on ancient versions, single vs double quotes matter, try
using single quotes (or better yet, upgrade to a non-ancient
version)[/quote:1jd0jpol]
I tried both single and double quotes, good tip though.
I will probably bite the bullet on this one and apply my filters on the
rsyslog clients instead of on the logserver. Even though it is more
convenient to filter stuff out at the central logserver, it also costs a
lot more in performance/resources than to distribute the job to my ~1000
rsyslog clients. Maybe I will take a look at it again when we move our
logservers to RHEL7 with a newer rsyslog version.
More information about the rsyslog-notify
mailing list