Hello All,
I'm pretty new to rsyslog and having trouble with one particular log source.
I hope this is the correct use of this email address; apologies if not.
The logs I'm trying to filter do not provide host name or IP but are always
prefixed with the following:
Jun 17 23:52:16 51e4095633fa lorica[-]:
I have tried a few options with the filtering, but have yet to find something
that works correctly.
Current config is:
    if $msg contains "lorica[-]:" then {
        action(type="omfile" file="/var/log/debug/lorica.log" filecreatemode="0644")
        stop
    }
I have also tried just "lorica" and "lorica\[-\]:" but neither of these works,
and the latter gives an error when I check the file, saying there are invalid
characters.
Currently all logs are going to the fallthrough.log file, but they need to be
filtered into their own file.
Any assistance that can be provided would be greatly appreciated.
Regards
Mark Kozanic
Splunk Administrator
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
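
An added example, not part of the original post: with rsyslog's standard RFC 3164 parsing, the sample prefix is split into hostname, syslog tag and program name before `$msg` is filled, so a filter on `$msg` never sees `lorica[-]:`. The config below matches on `$programname` instead; the template name `LoricaProps`, the `lorica-props.log` path and the position relative to the fallthrough rule are assumptions.

```rsyslog
# Added example (constructed), not the poster's configuration.
# For the sample line
#   Jun 17 23:52:16 51e4095633fa lorica[-]: <text>
# the RFC 3164 parser assigns:
#   $hostname    = 51e4095633fa
#   $syslogtag   = lorica[-]:
#   $programname = lorica
#   $msg         = <text>   (the prefix is not in here)

# Optional diagnostic: write the parsed properties of every message so the
# split can be confirmed on the running system. Template name and file path
# are assumptions; remove this action once the filter is verified.
template(name="LoricaProps" type="string"
         string="host=%hostname% tag=%syslogtag% prog=%programname% msg=%msg%\n")
action(type="omfile" file="/var/log/debug/lorica-props.log" template="LoricaProps")

# Match on the program name. "==" and "contains" compare plain strings,
# so the brackets need no escaping if $syslogtag is matched instead.
# Assumption: this block sits before the rule that writes fallthrough.log,
# otherwise the message is already consumed there.
if $programname == "lorica" then {
    action(type="omfile" file="/var/log/debug/lorica.log" fileCreateMode="0644")
    stop
}
```

Running `rsyslogd -N1` after the change validates the configuration syntax before the service is restarted.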