On Wed, 22 Jan 2014, Rick Brown wrote:
running rsyslog-7.4.7-1.el5.centos
I'm trying to filter out messages like:
zimbra_mailbox: #011at
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:429)
and every other message that contains #011at. My original attempt at this was
simply:
:msg, contains, "zimbra_mailbox: #011at" ~
That failed to drop any messages whatsoever. I removed the #011at and used:
that's because zimbra_mailbox: is the programname and not part of the message.
when you have issues like this, log the message with the format
RSYSLOG_DebugFormat and you will see what gets into each variable.
David Lang
:msg, contains, "org.mortbay." ~
Which did as expected, but still logged way more messages than I care to deal
with. I suspect the #011at is needs some escaping, but
http://www.rsyslog.com/rainerscript-constant-string-escaper/ tells me
otherwise. I've played with a few combinations to try and get it working, but
haven't come up with a working solution. Has anyone run into a similar
situation? Any advise?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
