On Mon, 3 Sep 2012, Peeran, Syed wrote:
> Hello--
> Please let me know why my code in /etc/rsyslog.conf does NOT filter the message
> "default send string"
> # Filter out messages here place on top
> :msg, contains, "default send string" -/var/log/discard.log
> & ~

A couple of things: please don't reply to one thread and change the topic
like this; it makes it easy to miss your reply when people read the
message in a threaded view.

I'm assuming that you are running into this with logs from an F5, since I
recently ran into the same thing.

The problem is that the F5 is sending a bogus log message. When the
message is parsed, rsyslog attempts to guess what was sent, and in this
case the message part of the log does not get "default send string";
instead you get the hostname "default", the syslogtag "send", and the
message "string".

The way to diagnose something like this is to either log rawmsg somewhere,
or log with the format string RSYSLOG_Debug which shows you the raw
message that was sent, and how rsyslog parsed it apart.

Try :rawmsg, isequal,"default send string"
instead.

David Lang
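
The diagnosis and filter described in the reply above, written out as an added rsyslog.conf example in legacy syntax; it is not part of the original thread. The log file paths and the template name RawAndParsed are assumptions, and `contains` is used instead of `isequal` on the assumption that the raw frame may carry a leading `<PRI>` value or a trailing newline.

```conf
# Added example, not from the original thread. File paths and the
# template name RawAndParsed are assumptions made for illustration.
# Rules are evaluated top to bottom, so keep this block above the
# normal logging rules.

# 1. Temporary diagnosis: write every message with rsyslog's built-in
#    debug template, which prints the raw frame alongside each parsed
#    property (HOSTNAME, syslogtag, msg, ...). Remove once diagnosed;
#    the file grows quickly and holds a copy of all log traffic.
*.* /var/log/rsyslog-debug.log;RSYSLOG_DebugFormat

# 2. Lighter alternative: one line per message, raw frame next to the
#    three fields the parser guessed. For the malformed message in this
#    thread the expected pattern is host=[default] tag=[send]
#    msg=[string], while raw=[...] still holds the whole string.
$template RawAndParsed,"raw=[%rawmsg%] host=[%hostname%] tag=[%syslogtag%] msg=[%msg%]\n"
*.* /var/log/rsyslog-raw.log;RawAndParsed

# 3. The filter itself: match on the unparsed frame instead of %msg%,
#    so it no longer depends on how the parser split the line.
:rawmsg, contains, "default send string" -/var/log/discard.log
# Discard the matched message so later rules never see it.
# Newer rsyslog releases spell this action "& stop".
& ~
```

Keeping the matched messages in discard.log rather than dropping them outright leaves a record to review if the filter string ever matches more than intended.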
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog