Hi,

I am trying to filter auditd messages at a central aggregation server. I
have the following expression:

if $msg contains 'msg=audit' then -/var/log/agg-auditd.log

I have found that other messages hit this expression and I am not sure how.

If I grep -v "msg=audit" on the file, random lines sneak in that do not
contain msg=audit. Is this typical? Is there a better way to filter the
audit daemon messages? I'm using 5.8.10.

Thanks,
Ryan
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
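On the second question (a better way to filter the audit daemon messages), here is an added configuration example in the legacy syntax that rsyslog 5.x accepts. It is not from the original post and not from the rsyslog documentation. It assumes the audit events reach the aggregation server through the audispd syslog plugin, so the syslog tag (and therefore $programname) is "audispd"; the template name AuditDebug and the file paths are placeholders.

```conf
# Added example, not from the original post. Assumes the audit events arrive
# with the syslog tag "audispd" (audispd syslog plugin); if the sending hosts
# use a different tag, change the program name test below to match.

# Optional diagnostic template: prefixes each line with the parsed program
# name and tag, so a stray line can be explained by what sent it instead of
# by grepping the message body. "AuditDebug" is a placeholder name.
$template AuditDebug,"%programname%|%syslogtag%|%msg%\n"

# Filter on the program that emitted the event rather than on a substring of
# the message. "contains" matches anywhere in $msg and is case-sensitive
# ("contains_i" is the case-insensitive form), so any line that merely quotes
# an audit record would satisfy a substring filter; the program name test
# does not have that problem.
if $programname == 'audispd' then -/var/log/agg-auditd.log;AuditDebug

# Discard the line after writing it so it does not also land in the
# catch-all log defined further down the file.
& ~

# Rules below this point never see the audit lines.
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
```

Once the tag in the diagnostic output confirms which program the unexpected lines come from, drop the ";AuditDebug" suffix to go back to the default line format. The "& ~" discard is what keeps the matched lines out of the other files; without it every audit line is also evaluated against the remaining rules.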
