Asterisk is contained in $msg, so it is ... and $msg contains 'asterisk' ...
Hth Rainer Sent from phone, thus brief. Am 11.01.2014 23:57 schrieb "Trent Creekmore" <[email protected]>: > Using examples located at the URL > http://www.rsyslog.com/doc/rsyslog_conf_filter.html I have come up with > the > following filter: > > > ------ > if $fromhost-ip startswith '192.168.5.' and $programname == 'asterisk' then > action(type="omfile" file="/var/log/asterisk1.log") > ------ > > > This is based on a log entry from tinkering around with the examples. Once > such entry is : > > Jan 11 16:25:01 localhost CROND[7261]: (asterisk) CMD > (/var/lib/asterisk/agi-bin/areminder-manager.php 2>&1 >/dev/null) > > > What is not clear is the entry (asterisk) is a user or a program name since > both of those exist. > > > As the filer is, it is not reporting anything, so either it is a user name, > or I am doing something wrong. > > > Which is it, and what to do to correct it? > > Thanks > > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
