well, one odd thing, why do you have & ~ in the line the way you do?
if you want to throw the logs away after writing them to iptables.log the config
should look like:
:msg, startswith,"ipt: " /var/log/iptables.log
& ~
also, check for startup errors, I can never remember if this requires single or
double quotes on old versions like the 5.8 that ships with RHEL 6.4
David Lang
On Thu, 10 Oct 2013, Ashish Nepal wrote:
Date: Thu, 10 Oct 2013 16:19:26 +0000
From: Ashish Nepal <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: [rsyslog] rsyslog filter
Hi Rsyslog users,
I have been trying to filter iptables rules from kernel rules, it's been quite
bizarre that the same config works for one of the boxes and not on the other.
#### #### /etc/rsyslog.conf [CentOS release 6.4 (Final)]####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
#iptables Log
:msg, startswith,"ipt: " /var/log/iptables.log& ~
kern.* /var/log/kernel
###### As that didn't work I also tried to test the format given below, with no luck.
#iptables Log
:msg, startswith,"ipt: " -/var/log/iptables.log& ~
Has anyone faced a similar issue with rsyslog?
Regards
Ashish
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
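
An added example, not part of the original thread and not rsyslog project code: a small Python check for the layout problem raised in the reply, a "& ~" discard written on the same line as the action before it. It flags such lines and rewrites them into the two-line form; the sample config is constructed from the rule quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the rule quoted in this thread.
SAMPLE = '''\
$ModLoad imklog # provides kernel logging support
#iptables Log
:msg, startswith,"ipt: " /var/log/iptables.log& ~
kern.* /var/log/kernel
'''

# A discard action that shares its line with something before it.
GLUED = re.compile(r'^(?P<rule>.*\S)\s*&\s*~\s*$')
# A discard action on a line of its own.
ALONE = re.compile(r'^\s*&\s*~\s*$')

def is_rule(line):
    """True for selector/filter lines; False for blanks, comments, $directives."""
    s = line.strip()
    return bool(s) and not s.startswith(('#', '$'))

def lint(conf_text):
    """Return [(line_no, message)] for misplaced '& ~' discard actions."""
    findings, seen_rule = [], False
    for no, line in enumerate(conf_text.splitlines(), 1):
        if not is_rule(line):
            continue
        if ALONE.match(line):
            if not seen_rule:
                findings.append((no, "'& ~' has no earlier rule to attach to"))
            continue
        if GLUED.match(line):
            findings.append((no, "'& ~' shares a line with the action before it"))
        seen_rule = True
    return findings

def split_discard(conf_text):
    """Rewrite 'action& ~' lines as the action followed by '& ~' on its own line."""
    out = []
    for line in conf_text.splitlines():
        m = GLUED.match(line) if is_rule(line) else None
        out.extend([m.group('rule'), '& ~'] if m else [line])
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    for no, msg in lint(SAMPLE):
        print(f'line {no}: {msg}')
    print(split_discard(SAMPLE), end='')
```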