> On Tuesday, July 25, 2023 at 07:03:40 AM PDT, Tom Longfellow wrote:
> It turns out that the core of my problem was my interpretation of a few
> 'quirks' in syslog defining.
SYSLOGD does not solve every syslog problem thus you will find over a dozen
alternatives. I'm not recommending what to use but there's a reason they exist.
I suggest asking on a non-IBM Linux group because they are more likely to have
experienced your problem and know the best solution.
On Tuesday, July 25, 2023 at 07:03:40 AM PDT, Tom Longfellow
<[email protected]> wrote:
I think I am on the right track now.
On a personal note, I have always had difficulty working with 'Reverse' logic,
like my Reverse Polish Notation (RPN) calculator in my ancient College past.
I had tried the use of the '!' in the directives to no advantage several times
over the years.
It turns out that the core of my problem was my interpretation of a few
'quirks' in syslog defining.
Selection criteria is in four parts - source.task.component.faciility ----
leaving out a part changes the meaning of all the remaining parts. Evaluation
is from right to left (another Reverse for me to deal with)
Selections can be concatenated and trigger when all the components are True.
Any False test kills the evaluation of that rule.
This leaves you with the situation where you must define a test where the
'truth' of the test 'excludes' the message.
In the past, I was trying '!Condition' mixed with 'This one' conditions.
Unsuccessfully.
Thanks to this web page
https://colinpaice.blog/2022/05/30/setting-up-syslogd-on-z-os/ I now think I
have it right.
Turns out there is a 'facility' called 'none' that can be viewed as 'not any of
the other ones'.
Right now, my config file has the following and things are looking better.
(BTW: the z/OS CS Syslogd Browser is VERY useful)
Rule/Active UNIX file name
---=---=---=---=---=---=---=----
*.TRMD*.*.*
/var/log/2023/07/25/trmd
- - - - - - - - - - - - - - - - - - -
*.IKED*.*.*
/var/log/2023/07/25/iked
- - - - - - - - - - - - - - - - - - -
*.debug
/var/log/2023/07/25/debug
- - - - - - - - - - - - - - - - - - -
*.err
/var/log/2023/07/25/errors
- - - - - - - - - - - - - - - - - - -
*.info;*.TRMD*.*.none;*.IKED*.*.none
/var/log/2023/07/25/log
- - - - - - - - - - - - - - - - - - -
(170.99.3.0/24).*.*
/var/log/2023/07/25/log-others
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
