Hello, I would like to write some rules such that: If a messages comes in via imudp, or imtcp and contains a specific string in the rawmsg, that it goes to one log. If a messages comes in via imudp, or imtcp and contains another string in the rawmsg, that it goes to another log.
I started with udp messages, and tried the following: $template ITCMLOG,"/opt/share/ptc_comms_log/itcmlog.log" $template TRACE,"/opt/share/ptc_comms_log/itcmtrc.log" if $inputname == "imudp" and $rawmsg contains "<182>1" then ?TRACE if $inputname == "imudp" and $rawmsg contains "<179>1" then ?ITCMLOG The first rule seems to work just fine, but the second rule does not seem to be working. Instead, I'm seeing messages like this: tail itcmlog.log Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** Aug 30 13:36:18 lnxb42341.cbtmuat.aduat.csx.com <179>1 lnxb42341 csxt.b.TNSR1aJ.ELM1 **NO MATCH** At first I thought the NO MATCH messages were occurring because of the first rule, but since the messages are getting logged, and since I see the string I'm using to filter "<179>1", I wonder if it's something else. Thanks, R. Singh Sr. Systems Engineer II, CPS, CSX Technology 904-633-5745 [chessie] H0\/\/ T0/\/\0RR0\/\/ /\/\0\/35 "Give instruction to a wise man, and he will be yet wiser : teach a just man, and he will increase in learning." - Proverbs 9:9 This email transmission and any accompanying attachments may contain CSX privileged and confidential information intended only for the use of the intended addressee. Any dissemination, distribution, copying or action taken in reliance on the contents of this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error please immediately delete it and notify sender at the above CSX email address. Sender and CSX accept no liability for any damage caused directly or indirectly by receipt of this email.
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
