My /etc/rsyslog.conf is stock (CentOS 7). The last stanza in /etc/rsyslog.conf looks like this:
    #
    # Include all config files in /etc/rsyslog.d/
    #
    $IncludeConfig /etc/rsyslog.d/*.conf

Thus, I claim that the very first rule which rsyslog consults is, in fact, this ":msg, contains "mtp-probe:" stop" line.

I tried adding this line near the beginning of /etc/rsyslog.conf:

    Host> cat /etc/rsyslog.conf
    [...]
    #################
    #### MODULES ####
    #################

    module(load="imuxsock") # provides support for local system logging
    module(load="imklog") # provides kernel logging support
    module(load="immark") # provides --MARK-- message capability

    :msg, contains, "mtp-probe:" stop

    # provides UDP syslog reception
    module(load="imudp")
    input(type="imudp" port="514")
    [...]

But I still see the same behavior, e.g. the following messages appear in /var/log/syslog:

    host> tail -f /var/log/syslog
    2016-04-15T14:41:50.194910-07:00 xxxxx mtp-probe: checking bus 1, device 123: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1"
    2016-04-15T14:41:50.195367-07:00 xxxxx mtp-probe: bus: 1, device: 123 was not an MTP device

--sk

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Rainer Gerhards
Sent: Friday, April 15, 2016 2:35 PM
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] discarding msgs

Where is the file included? Is it after the files are written? It only affects things after the stop.
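The ordering point raised in the quoted reply, as an added example that is not part of the original thread: a small checker that reads a config in order, inlines $IncludeConfig where it appears, and lists the file actions that come before the stop filter. The two sample configs and the function names are constructed for illustration; it checks statement order only, not whether the property filter matches a given message, and it ignores rulesets and if/then blocks.

```python
import fnmatch
import re

# Constructed sample configs (assumptions, not the poster's real files).
LATE = {  # include is the last stanza, so the filter is read after the file action
    "/etc/rsyslog.conf": 'module(load="imuxsock")\n'
                         "*.* /var/log/syslog\n"
                         "$IncludeConfig /etc/rsyslog.d/*.conf\n",
    "/etc/rsyslog.d/10-mtp.conf": ':msg, contains, "mtp-probe:" stop\n',
}
EARLY = {  # same filter placed above the file action
    "/etc/rsyslog.conf": 'module(load="imuxsock")\n'
                         ':msg, contains, "mtp-probe:" stop\n'
                         "*.* /var/log/syslog\n",
}

INCLUDE = re.compile(r"^\$IncludeConfig\s+(\S+)")
FILE_ACTION = re.compile(r"^[\w*.,;=!-]+\s+(-?/\S+)")  # legacy "selector /path"
STOP = re.compile(r'^:msg,\s*contains,\s*"([^"]+)"\s+(?:stop|~)')


def flatten(path, files):
    """Yield (origin, statement) in reading order, inlining $IncludeConfig."""
    for n, raw in enumerate(files[path].splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # naive comment stripping
        if not line:
            continue
        inc = INCLUDE.match(line)
        if inc:
            for name in sorted(fnmatch.filter(files, inc.group(1))):
                yield from flatten(name, files)
        else:
            yield f"{path}:{n}", line


def writers_before_stop(files, text, entry="/etc/rsyslog.conf"):
    """File actions that precede the first stop filter on `text` (None if absent)."""
    seen = []
    for origin, line in flatten(entry, files):
        stop = STOP.match(line)
        if stop and stop.group(1) == text:
            return seen
        action = FILE_ACTION.match(line)
        if action:
            seen.append((origin, action.group(1)))
    return None


if __name__ == "__main__":
    for label, cfg in (("late", LATE), ("early", EARLY)):
        print(label, writers_before_stop(cfg, "mtp-probe:"))
```

Any path in the returned list belongs to an action that has already handled the message by the time the stop is reached.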

