Running rsyslog 8.1901.0-1 and it seems there is some difference in processing these two filters.
On the input there is message which is parsed with hostname property set to the IP address exactly. The match with use of 'contains' is not effective, while '==' is. Is this expected result? Message example (message is forwarded): <133>1 2019-12-13T14:57:36.227429+01:00 10.1.2.5 - - 2019 Dec 13 13:57:36 UTC: %AUTHPRIV-5-SYSTEM_MSG: root : TTY=unknown ; PWD=/var/sysmgr/sysmgr-subproc ; USER=root ; COMMAND=/sbin/sysctl -q -w vm.drop_caches=3 - sudo # with debug Debug line with all properties: FROMHOST: '10.1.2.3', fromhost-ip: '10.1.2.3', HOSTNAME: '10.1.2.5', PRI: 133, syslogtag '', programname: '', APP-NAME: '', PROCID: '-', MSGID: '-', filters: # does not work if $hostname contains ['10.1.2.4', '10.1.2.5'] then # does work if $hostname contains ['10.1.2.4', '10.1.2.5'] or $hostname == '10.1.2.5' then Following issue is experienced on this message samples. Other properly formatted messages from 10.1.2.4 are matched with no issues. There are no other type of messages coming from 10.1.2.5 address. Peter _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
