For example, here is a small block that I'm using to route rsyslog
related messages to the local /var/log/rsyslog.log file:

    if ($programname == 'rsyslogd' or $syslogfacility-text == 'syslog') then {
        action(
            name="rsyslog-messages"
            type="omfile"
            file="/var/log/rsyslog.log")
    }

In the /var/log/rsyslog.log file I find two log messages showing that an
action for forwarding messages to a remote rsyslog instance has been
resumed:

    2017-08-25T09:33:09.312969-05:00 graylog1 rsyslogd: action 'ForwardToSawmill1' resumed (module 'omrelp') [v8.29.0 try http://www.rsyslog.com/e/2359 ]
    2017-08-25T09:33:09.312976-05:00 graylog1 rsyslogd: action 'ForwardToSawmill1' resumed (module 'omrelp') [v8.29.0 try http://www.rsyslog.com/e/2359 ]

I'd like to figure out why two such messages were logged when I'm only
aware of the ruleset where that message resides being called once. Is
there a way to add a statement just prior to the "call
ForwardToLogServer" statement that writes a message that the previous
block will catch?
Perhaps something like (pseudocode):

    echo "About to call Forward Action"
    call ForwardToLogServer

I've called myself looking, but I suspect I'm looking right over it.
Thanks!
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
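
One way to get the marker the post asks about, shown as an added example that is not part of the original post: an omfile action with a fixed-text template placed directly before the call, writing to the same file. The ruleset name "MainRules" and the template and action names are assumptions; "ForwardToLogServer" and the file path are taken from the post.

```rsyslog
# Added example, not from the original post.
# "MainRules", "PreForwardMarker" and "pre-forward-marker" are hypothetical
# names; "ForwardToLogServer" and /var/log/rsyslog.log come from the post.

# Marker line: fixed text plus properties of the message being processed,
# so each marker can be matched to the message that triggered it.
template(name="PreForwardMarker" type="string"
    string="%timegenerated:::date-rfc3339% %hostname% marker: about to call ForwardToLogServer for message from '%programname%' (tag %syslogtag%)\n")

ruleset(name="MainRules") {
    # Written once for every message that reaches this point in the ruleset.
    action(
        name="pre-forward-marker"
        type="omfile"
        file="/var/log/rsyslog.log"
        template="PreForwardMarker")

    call ForwardToLogServer
}
```

Counting the marker lines near the timestamp of the "resumed" messages shows how many messages reached the call at that moment.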