Hi, I'm trying to set up a rule to discard some messages on a CentOS 7 box (8.24.0) but can't seem to get the syntax right. It seems that either it's not working at all or it discards EVERYTHING. Here's a sample of something I'm trying to discard:

Mar 11 16:58:04 Oracle Audit[14958]: LENGTH: "225" SESSIONID:[8] "25480410" ENTRYID:[1] "1" USERID:[6] "DBSNMP" ACTION:[3] "101" RETURNCODE:[1] "0" LOGOFF$PREAD:[1] "0" LOGOFF$LREAD:[2] "16" LOGOFF$LWRITE:[1] "0" LOGOFF$DEAD:[1] "0" DBID:[10] "1221313690" SESSIONCPU:[1] "1"

I've used 'if $programname == 'Oracle Audit' then stop' but that doesn't seem to do the trick. I've also tried using 'msg' but that also doesn't do anything. What am I doing wrong?

Thanks!
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
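An added example, not part of the original post: a RainerScript fragment for checking how rsyslog split the sample line and for filtering on the result. It assumes the default RFC 3164 parsing, where the tag ends at the first space or colon, so the tag for this line would be "Oracle" and "Audit[14958]: ..." would land in msg; the template name and debug file path are hypothetical.

```conf
# Added example; the template name and the debug file path are hypothetical.

# 1) Temporary diagnostic: write the parsed properties for every message so
#    the actual values of syslogtag, programname and msg can be inspected.
#    Remove once the filter is confirmed.
template(name="TagDebug" type="string"
         string="tag=[%syslogtag%] programname=[%programname%] msg=[%msg%]\n")
action(type="omfile" file="/var/log/rsyslog-tag-debug.log" template="TagDebug")

# 2) Filter from the post, kept for comparison. Under the assumption above,
#    programname is "Oracle", so this comparison is never true.
# if $programname == 'Oracle Audit' then stop

# 3) Filter that follows the assumed split: the first word is the program
#    name and the remainder, including "Audit[pid]:", is in msg.
if $programname == 'Oracle' and $msg contains 'Audit[' then stop

# 4) Narrower alternative (use instead of 3): drop only records for the
#    account shown in the sample line, keeping other Oracle audit records.
# if $programname == 'Oracle' and $msg contains 'USERID:[6] "DBSNMP"' then stop
```

The `stop` rule only affects actions that come after it, so it has to be loaded before the rules that write the log files. Check the debug file first: if programname shows something other than "Oracle", adjust the comparison to the value actually recorded.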

