let's look at the conversion pattern you are using here. could you please post a
sample log message as well?

    value="[%p] %c{1}:%L - %m%n"

from the docs

    %p is the priority, this does not need to be in text in a syslog message
    %c{1} a single component of the category name
    %L line number
    %m the message
    %n newline

so if you just changed the conversion pattern to:

    value="uniquetext [%p] %c{1}:%L - %m%n"

then you could filter on 'uniquetext'

now, one thing that jumps out at me is that this does not look like a regular
syslog formatted log, so I expect that if we change it a bit we can seriously
improve things, but I would need to see a log entry created with this format to
be sure.

ideally I'd like to see what rsyslog on the machine that your app is sending
directly to logs with the format RSYSLOG_DebugFormat

David Lang
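
The two steps suggested in the message above, sketched as rsyslog configuration. This is an added example, not part of the original message; the file paths are placeholders, and matching on `$rawmsg` rather than `$msg` is an assumption made here because the marker may be parsed into the hostname or tag field when the line is not in regular syslog format.

```conf
# Added example. File paths are placeholders; 'uniquetext' is the marker
# from the conversion pattern in the message above.

# 1. Temporarily write every received message with all of its parsed
#    properties, to see how rsyslog splits the application's line into
#    hostname, tag and msg. Remove this action once the format is understood.
action(type="omfile"
       file="/var/log/rsyslog-debugformat.log"
       template="RSYSLOG_DebugFormat")

# 2. Route the application's messages on the marker. $rawmsg is the line
#    exactly as received, so the match does not depend on which field the
#    parser assigned the marker to (assumption: the marker is unique to
#    this application).
if $rawmsg contains 'uniquetext' then {
    action(type="omfile" file="/var/log/myapp.log")
    stop
}
```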