I tried adding the following to my config file:
:msg,contains,"MSWinEventLog"
*.* /var/log/windows.log
:msg, !contains, "MSWinEventLog"
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
However the filter doesn't seem to apply, when debugging the parse sequence
goes like this:
5250.008750501:main thread: Action 0x80a8600: queue 0x8094c00 created
5250.008823471:main thread: cfline: ':msg,contains,"MSWinEventLog"'
5250.008884805:main thread: selector line successfully processed
5250.008943799:main thread: - property-based filter
5250.009059262:main thread: tried selector action for builtin-file: -2001
5250.009130893:main thread: tried selector action for builtin-fwd: -2001
5250.009195089:main thread: tried selector action for builtin-shell: -2001
5250.009259497:main thread: tried selector action for builtin-discard: -2001
5250.009324602:main thread: tried selector action for builtin-usrmsg: -2001
5250.009394008:main thread: tried selector action for ompgsql.so: -2001
5250.009454057:main thread: config line NOT successfully processed
Am I missing something?
rsyslogd 4.4.2, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: Yes
FEATURE_NETZIP (message compression): Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
Atomic operations supported: No
Runtime Instrumentation (slow code): No
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
