Hi, I'm using docker which is sending logs using syslog driver with the parameter "syslog-facility: local3". Here's an example:
Apr 24 12:55:44 hostname docker_pgbarman[1039]: 2018-04-24 12:55:44,400 [33] barman.wal_archiver INFO: No xlog segments found from streaming for db_stream. I try to forward logs that have a priority 'err' and facility 'local3' to graylog using the following expression: local3.err action(type="omfwd" target="company.graylog" port="12514" protocol="tcp" template="RSYSLOG_SyslogProtocol23Format") However, everything is forwarded, independently of the priority. Can anyone give me some hints on how to forward those messages based on priority ? Thanks, Flo _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
