[rsyslog-notify] Forum Thread: Re: fwd local msg, two listeners to remote server w/TLS, Que - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Sat Jun 18 03:04:40 CEST 2016
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26623#p26623
Message:
----------
the {} is part of the new syntax, the old syntax for rulesets was almost
unusable (it was part of what promted the new syntax)
stop means that you don't want anything to process this log message after
this point. you don't need it in a ruleset as a standard thing (if you call
a ruleset, it may be that you do something and decide that you are done
with the message, but it's probably not a good practice as it will cause
rules in the place you are calling it from to not process the messages,
with no clear indication why)
yes, to use the same ruleset for both, you just use the same ruleset name
in the input() statement.
the action() is not tied to the input() statement. I like to do all the
setup/housekeeping stuff first, and then have the rulesets and actions that
process the logs later. mixing them (and especially defining an input after
the stuff that you expect to process the input) seems to me to just cause
confusion.
More information about the rsyslog-notify
mailing list