On Wed, 14 Aug 2013, John Anza wrote:
On Wed, Aug 14, 2013 at 7:40 AM, David Lang <[email protected]> wrote:
On Tue, 13 Aug 2013, Gary Foster wrote:
On Aug 13, 2013, at 5:09 PM, johnanza <[email protected]> wrote:
This works fine but is inefficient. I tried to rewrite as: (B)
if $syslogtag contains '/usr/local/bin/node' and $msg contains '[info]'
then
{
if $msg contains 'foo' then ~
else if $msg contains 'bar' then ~
else if $msg contains 'baz' then ~
}
so what happens if the syslogtag contains '/usr/local/bin/node' and the
$msg contains '[info]' but it does not contain foo, bar or baz?
That's right, it falls through your last else to?
but this failed with " warning: selector line without actions will be
discarded"
a selector line without an action.
could be, but I also wonder what would happen if he replaced ~ with 'stop'?
With 'stop' it fails in the same way.
what version of rsyslog are you dealing with?
It's version 5.8.10-6.22.amzn1
ahh, I'm not sure that that version supports {} grouped statements. I think that
was added in v6
If you are using this style of configuration, you really should move to 7.4. The
configuration optimizer that was added in v7 will make a huge difference in the
performance of your filters, and may make it unnecessary to re-structure them
David Lang
One thing I should have mentioned is that the rsyslog.conf looks like:
$IncludeConfig /etc/rsyslog.d/node.conf # this is where the IF statement is.
(...)
*.info;mail.none;authpriv.none;cron.none /var/log/messages
So there is a catch-all statement. If a message does not match the
problematic IF statement it will hit the /var/log/messages action.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
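
Added example, not written by any poster in this thread: the nested filter from the question as it could be written for rsyslog 7.4, the version recommended above. It assumes the file is /etc/rsyslog.d/node.conf and is included before the *.info catch-all, as described in the thread; 'foo', 'bar' and 'baz' are the thread's own sample patterns.

```rsyslog
# /etc/rsyslog.d/node.conf
# Assumes rsyslog 7.4 or later. The thread's 5.8.10 is the version on which
# the {} block was reported to fail.

if $syslogtag contains '/usr/local/bin/node' and $msg contains '[info]' then {
    # The else-if chain becomes one test with 'or'.
    # 'stop' is the v7 spelling of the discard action '~'.
    if $msg contains 'foo' or $msg contains 'bar' or $msg contains 'baz' then {
        stop
    }
    # No else branch is needed: node [info] messages that match none of the
    # patterns leave this block and continue to the rules that follow the
    # $IncludeConfig line, such as:
    #   *.info;mail.none;authpriv.none;cron.none /var/log/messages
}
```

The syntax can be checked before restarting the daemon with `rsyslogd -N1`, which parses the configuration and reports errors without starting log processing.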