On Wed, 28 Oct 2009, Jonathan Bond-Caron wrote: > On Wed Oct 28 07:35 AM, Rainer Gerhards wrote: >>> Thanks a lot, that works well. >>> >>> The docs are bit misleading: >>> http://www.rsyslog.com/doc-rsyslog_conf_filter.html >>> >>> It could show something like this: >>> :msg, contains, "error" /var/log/error.log >>> :msg, !contains, "error" ~ >>> >>> All messages that contain the word "error" are logged to >>> /var/log/error.log All messages that do not contain the word "error" >>> are thrown away. >> >> The doc in general could be much improved (any volunteers?), but here >> I think it is right. The link you quote defines what filters are, but >> what you post is not only a filter but a full selector line, >> consisting from a filter and the associated action. >> >> I agree that it would be useful to have more scenario-based cases >> which contain all the pieces put together (again, any volunteers?). > > Noted ;) > > I'll prepare a patch for 4.4.2 this week, will also fix an issue with the > syslog 'tag' parsing. It should terminate when it sees a tab or escape > control character. > > Makes it a little more RFC3164 compliant.
it should also terminate parsing a hostname when it hits a tab (the RFC says it should be a space, but I've got one case (snare) that sometimes uses a tab. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
