David,

In case you wanted to see the debuglog and rsyslog.conf and /var/log/messages. None of it is very big so you won't have to parse through a ton of stuff.

We push these logs to two places at the moment. Graylog and rsyslog server. We are attempting to deprecate the rsyslog server for the fancy outputs from Graylog.

===========================
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571

-----Original Message-----
From: David Lang <[email protected]>
Sent: Thursday, April 26, 2018 4:29 PM
To: Cheltenham, Chris <[email protected]>
Cc: Rainer Gerhards <[email protected]>; rsyslog-users <[email protected]>
Subject: RE: [rsyslog] excluding ip addresses

On Thu, 26 Apr 2018, Cheltenham, Chris wrote:

> I tried this as well.
>
> This is version 8.24 also.
>
> -/etc/rsyslog.conf
>
> # Use traditional timestamp format
> #
> # DeBugging
> /var/log/debuglog;RSYSLOG_DebugFormat
> #
> :msg, contains, "170.235.1.248" ~
> :msg, contains, "170.235.1.249" ~
> #
>
> I did get some stuff in the debug logs.
>
> msg: 'CLIENT IP ADDRESS: 170.235.1.248'
> escaped msg: 'CLIENT IP ADDRESS: 170.235.1.248'

As Rainer says, there is a lot of other stuff in that log message (the debug format message is 10 lines of output for every log message it processes); we need to see the entire message.

If the message is being relayed by some other system, it may not have the fromhost-ip that you are expecting. The debug format log messages will show you all the details.

David Lang
rsyslog_sdp.tar.gz
Description: Binary data
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
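
As an added illustration of the point about relayed messages (not code from the thread or from the rsyslog project), the Python sketch below parses debug-format output and reports, for each logged message, whether a given address is the fromhost-ip or appears only in the msg text. The two sample records, the relay address 192.0.2.10 and the record layout (assumed to follow rsyslog's built-in RSYSLOG_DebugFormat template) are constructed.

```python
import re

# Constructed sample, not taken from the thread's attachment.
# Layout assumed to follow rsyslog's built-in RSYSLOG_DebugFormat template.
SAMPLE = """\
Debug line with all properties:
FROMHOST: 'relay01', fromhost-ip: '192.0.2.10', HOSTNAME: 'app01', PRI: 134,
syslogtag 'app:', programname: 'app', APP-NAME: 'app', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Apr 26 16:29:01', STRUCTURED-DATA: '-',
msg: ' CLIENT IP ADDRESS: 170.235.1.248'
escaped msg: ' CLIENT IP ADDRESS: 170.235.1.248'
inputname: imudp rawmsg: '<134>Apr 26 16:29:01 app01 app: CLIENT IP ADDRESS: 170.235.1.248'

Debug line with all properties:
FROMHOST: '170.235.1.249', fromhost-ip: '170.235.1.249', HOSTNAME: 'sw02', PRI: 134,
syslogtag 'link:', programname: 'link', APP-NAME: 'link', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Apr 26 16:29:02', STRUCTURED-DATA: '-',
msg: ' port 12 up'
escaped msg: ' port 12 up'
inputname: imudp rawmsg: '<134>Apr 26 16:29:02 sw02 link: port 12 up'
"""

FIELDS = {
    "fromhost-ip": re.compile(r"fromhost-ip: '([^']*)'"),
    "msg": re.compile(r"^msg: '(.*)'$", re.M),  # anchored: skips 'escaped msg'
}

def parse_records(text):
    """Split debug output into one dict of properties per logged message."""
    records = []
    for chunk in text.split("Debug line with all properties:")[1:]:
        rec = {}
        for name, rx in FIELDS.items():
            m = rx.search(chunk)
            rec[name] = m.group(1) if m else ""
        records.append(rec)
    return records

def filter_hits(rec, ip):
    """Name the properties that a filter on `ip` could match for this record."""
    hits = []
    if rec["fromhost-ip"] == ip:
        hits.append("fromhost-ip")  # exact comparison on the sender address
    if ip in rec["msg"]:
        hits.append("msg")          # substring test on the message text
    return hits

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        for ip in ("170.235.1.248", "170.235.1.249"):
            print(rec["fromhost-ip"], ip, filter_hits(rec, ip) or "no match")
```
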

