Hi All,
i am trying to drop sys log messages that contain certain words
The message coming looks like so
Feb 12 00:59:18 bd-c67b-85b3-1fa2-d50e69 mtlvdi52 VSANMGMTSVC: 641e7'},
{'uuid': '521c8928-2bbe-4258-eb7e-bb0c864ff357', 'isAllFlash': 0, 'owner':
'5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
'healthFlags': 0, 'timestamp': 87985781610}, 'capacityReserved':
1400897536, 'capacityUsed': 400165961728, 'isSsd': 0, 'capacity':
1000194703360, 'ssdUuid': '5251ae5d-48e5-b92b-741b-19743c38c492'}, {'uuid':
'528da7de-32d3-f6a9-316e-5727f63a2eb1', 'isAllFlash': 0, 'owner':
'5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
'healthFlags': 0, 'timestamp': 85923806398}, 'capacityReserved':
1417674752, 'capacityUsed': 383028035584, 'isSsd': 0, 'capacity':
1000194703360, 'ssdUuid': '5251ae5d-48e5-b92b-741b-19743c38c492'}, {'uuid':
'52e3c33e-8a38-6ece-64db-3fd27f1eabab', 'isAllFlash': 0, 'owner':
'5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
'healthFlags': 0, 'timestam
And my rule looks like
template (name="drop" type="string" string="/dev/null")
if $msg contains ['VSAN',
'VSANMGMTSVC']
then {
action(type="omfile" DynaFile="drop")
stop
}
But they are not being dropped, am i doing something wrong?
Thanks
--
Adam Barnett
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
i am trying to drop sys log messages that contain certain words
The message coming looks like so
Feb 12 00:59:18 bd-c67b-85b3-1fa2-d50e69 mtlvdi52 VSANMGMTSVC: 641e7'},
{'uuid': '521c8928-2bbe-4258-eb7e-bb0c864ff357', 'isAllFlash': 0, 'owner':
'5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
'healthFlags': 0, 'timestamp': 87985781610}, 'capacityReserved':
1400897536, 'capacityUsed': 400165961728, 'isSsd': 0, 'capacity':
1000194703360, 'ssdUuid': '5251ae5d-48e5-b92b-741b-19743c38c492'}, {'uuid':
'528da7de-32d3-f6a9-316e-5727f63a2eb1', 'isAllFlash': 0, 'owner':
'5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
'healthFlags': 0, 'timestamp': 85923806398}, 'capacityReserved':
1417674752, 'capacityUsed': 383028035584, 'isSsd': 0, 'capacity':
1000194703360, 'ssdUuid': '5251ae5d-48e5-b92b-741b-19743c38c492'}, {'uuid':
'52e3c33e-8a38-6ece-64db-3fd27f1eabab', 'isAllFlash': 0, 'owner':
'5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
'healthFlags': 0, 'timestam
And my rule looks like
template (name="drop" type="string" string="/dev/null")
if $msg contains ['VSAN',
'VSANMGMTSVC']
then {
action(type="omfile" DynaFile="drop")
stop
}
But they are not being dropped, am i doing something wrong?
Thanks
--
Adam Barnett
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.