Not sure - the config snippet looks differently. Probably we need full config and description of what is logging where if this on a concentrator...
Rainer Sent from phone, thus brief. David Lang <[email protected]> schrieb am Mi., 25. Apr. 2018, 19:28: > On Wed, 25 Apr 2018, Rainer Gerhards wrote: > > > 2018-04-25 9:29 GMT+02:00 Flo Rance <[email protected]>: > >> Ok, but if ".err" means "err and above", why does it forward messages > with > >> the severity INFO as in the example ? > > > > pls post the raw message - how do you know it is INFO? > > in the docker world, the 'standard' is that messages get dumped to stdout, > not > in any standard format, so INFO: in the message body is the indication. > > It looks like these logs should be parsed with mmnormalize to extract the > various fields (potentially as a parser on the input) > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
